Over 60 Million Americans Exposed Through Misconfigured Database
Security researchers have discovered an online database completely unsecured and exposed to the public internet, containing the personal details of at least 63 million Americans. A team at vpnMentor led by Ran Locar and Noam Rotem found the Elasticsearch database wide open during a "routine research project." It soon traced the trove back to OneMoreLead, a B2B sales and marketing company which claims on its unfinished website to have a database of "40+ million 100% verified B2B prospects to search from." READ MORE...
Krebs on Security: Ransomware Gangs and the Name Game Distraction
It's nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don't go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation. READ MORE...
Hackers are using CAPTCHA techniques to scam email users
More email users fell for scams using CAPTCHA technology in 2020, a new report from security firm Proofpoint shows. The technique, which uses a visual puzzle to help authenticate human behavior, received 50 times as many clicks in 2020 compared to 2019. That's still only a 5% overall response rate, researchers note. Comparatively, one in five users clicked attachment-based emails with malware disguised as Microsoft PowerPoints or Excel spreadsheets. READ MORE...
Cisco Patches Critical Vulnerability in Small Business VPN Routers
Cisco on Wednesday announced the release of patches for a critical vulnerability in small business VPN routers that could allow unauthenticated attackers to execute arbitrary code on affected devices. Tracked as CVE-2021-1609 (CVSS score 9.8), the issue was discovered in the web interface of RV340, RV340W, RV345, and RV345P routers and exists because HTTP requests are not properly validated. READ MORE...
China-Linked Cyberespionage Operation Suggests Interest in SCADA Systems
A cyberespionage group that appears to be based in China has been seen targeting critical infrastructure organizations in Southeast Asia, and the attackers may be interested in industrial control systems (ICS). It's not uncommon for Chinese threat actors to target Southeast Asia. Over the past years, they have been observed targeting organizations in the military, telecommunications, technology and government sectors in this region. READ MORE...
'I'm Calling About Your Car Warranty', aka PII Hijinx
When you sign up on a new website, where does that information go? Some researchers decided to find out. On Wednesday, they released their preliminary information at a Black Hat USA 2021 session called Use and Abuse of Personal Information. Researchers created 300 fake identities, signing them up on 185 legitimate websites ranging from Target to Fox News, with each identity used on a single website. READ MORE...
Decade-Old Router Bug Could Affect Millions of Devices
Security researchers have discovered a 12-year-old router vulnerability that they've warned may affect millions of devices globally. Tenable research engineer, Evan Grant, explained in a blog post that he originally found the authentication bypass vulnerability in devices from manufacturer Buffalo. However, during the disclosure process, he found that the bug actually existed in the underlying firmware from Taiwanese firm Arcadyan. READ MORE...
- ...in 1858, the first transatlantic telegraph cable is completed.
- ...in 1884, the cornerstone for the Statue of Liberty is laid on the former Bedloe's Island (now Liberty Island) in New York Harbor.
- ...in 1914, the first electric traffic signal lights are installed in Cleveland, Ohio.
- ...in 1926, magician and escape artist Harry Houdini performs his greatest feat, apparently spending 91 minutes in a sealed underwater tank before escaping.
