A Luxottica data breach has exposed the personal and protected health information of patients of LensCrafters, Target Optical, EyeMed, and other eye care practices. Luxottica is the world's largest eyewear company, with a portfolio of well-known eyeglass brands including Ray-Ban, Oakley, Oliver Peoples, Ferrari, Michael Kors, Bulgari, Armani, Prada, Chanel, and Coach. In addition to selling eyeglasses, Luxottica operates the EyeMed vision benefits company and partners with eye care professionals.
Bug bounty hunters have hacked routers, network-attached storage (NAS) devices and smart TVs at the Zero Day Initiative's Pwn2Own Tokyo 2020 hacking competition. Due to the COVID-19 pandemic, the competition has been turned into a virtual event: Pwn2Own Tokyo is actually coordinated by Trend Micro's ZDI from Toronto, Canada, with participants demonstrating their exploits remotely. Organizers have offered significant prizes for exploits targeting a wide range of mobile and IoT devices.
Apple has patched three vulnerabilities in iOS (and iPadOS) that were being actively exploited in targeted attacks. Vulnerabilities that are exploited in the wild before a patch is available are referred to as zero-days. The vulnerabilities were found and disclosed by Google's Project Zero team, and patches were issued yesterday. What has Apple patched in the update? Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) list.
Security researchers have discovered a new worm and botnet dubbed Gitpaste-12, named for its use of GitHub and Pastebin to host component code and for the 12 known vulnerabilities it exploits to compromise systems. The Juniper Threat Labs research team detected the first Gitpaste-12 attacks on Oct. 15, 2020; however, the team notes that the first commit was seen on GitHub on July 9, meaning the malware had lived on GitHub since then.
An advanced HM Revenue and Customs (HMRC) tax rebate scam is targeting UK residents this week via text messages (SMS). The smishing campaign is concerning because it employs multiple HMRC phishing domains and tactics, with new domains added every day as older ones get flagged by spam filters. Not only do the phishing pages mimic HMRC's web interface meticulously, but they also have entire online banking workflows built into them, tailored to the victim's banking provider.
At least one ransomware operator appears to have added to their arsenal an exploit for a recently patched vulnerability in Oracle WebLogic. Tracked as CVE-2020-14882 and rated critical severity, the vulnerability was addressed in Oracle's October 2020 Critical Patch Update. It can be exploited remotely and requires no authentication. The first attacks targeting the vulnerability appeared within the first week after patches were released.
A new ransomware called Pay2Key has been targeting organizations in Israel and Brazil, encrypting their networks within an hour in targeted attacks that are still under investigation. Michael Gillespie, the creator of ID Ransomware, has also seen submissions from Pay2Key victims, predominantly from Brazilian IP addresses. Although used in attacks against multiple Brazilian entities, this ransomware is not related to yesterday's RansomExx attacks targeting Brazil's government networks.