Stolen Credentials Led to Data Theft at United Nations
A threat actor used stolen credentials from a United Nations employee to breach parts of the UN's network in April and steal critical data, a spokesman for the intergovernmental organization has confirmed. That data lifted from the network can be used to target agencies within the UN, which already has experienced and responded to "further attacks" linked to the breach, Stéphane Dujarric, spokesman for the UN Secretary-General, told Bloomberg, which broke the news in a report published Thursday. READ MORE...
500,000 Fortinet VPN credentials exposed: Turn off, patch, reset passwords
A threat actor has leaked a list of almost 500,000 Fortinet VPN credentials, stolen from 87,000 vulnerable FortiGate SSL-VPN devices. The breach list provides raw access to organizations in 74 countries, including the USA, India, Taiwan, Italy, France, and Israel, with almost 3,000 US entities affected. According to Fortinet the credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor's scan. READ MORE...
McDonald's Email Blast Includes Password to Monopoly Game Database
McDonald's UK Monopoly VIP game kicked off at the end of August, and a recent round of emails sent to winners of the game's various prizes included more than a coupon for free fries. The franchise accidentally inserted passwords for a McDonald's server that hosted information tied to the UK Monopoly VIP game. In the wrong hands, these credentials could have been abused to rip off players or cheat the game on a massive scale, according to experts. READ MORE...
Understanding the Cryptocurrency-Ransomware Connection
Unfortunately for the law-abiding of the world, ransomware is an idea that caught on immediately and never lost steam. In fact, it's grown to the point that it now contributes to a thriving cybercrime business, often targeting large sectors, including education, finance, healthcare, the legal sector, and manufacturing. According to Fortinet research, by the end of 2020, there were as many as 17,200 devices reporting ransomware each day. READ MORE...
Windows MSHTML zero-day defenses bypassed as new info emerges
New details have emerged about the recent Windows CVE-2021-40444 zero-day vulnerability, how it is being exploited in attacks, and the threat actor's ultimate goal of taking over corporate networks. This Internet Explorer MSHTML remote code execution vulnerability, tracked as CVE-2021-40444, was disclosed by Microsoft on Tuesday but with few details as it has not been patched yet. READ MORE...
- ...in 1813, the U.S. defeats the British Fleet at the Battle of Lake Erie during the War of 1812.
- ...in 1941, scientist and popular science writer Stephen Jay Gould ("The Mismeasure of Man", "The Panda's Thumb") is born in Queens, NY.
- ...in 1963, major league baseball pitcher Randy Johnson is born in Walnut Creek, CA.
- ...in 2008, CERN's Large Hadron Collider is powered up in Geneva, Switzerland. It is the most complex experimental facility ever built.
