Author Archives: Steve Zurier
Hackers published data on 3.2 million users lifted from DriveSure data on the Raidforums hacking forum late last month. To prove the data’s quality, threat actor “pompompurin” detailed the leaked files and user information information in a lengthy post, according to researchers at Risk Based Security, who were the first to report the breach. The…
The post Data on 3.2 million DriveSure clients exposed on hacking forum appeared first on SC Media.
Some 250 servers were apparently breached by the Lebanese Cedar APT group, an organization with suspected links to the Hezbollah Cyber Unit in Lebanon. The target victims include companies from many countries, including the United States, United Kingdom, Saudi Arabia, Egypt, Jordan, Lebanon, Israel and the Palestinian Authority. Many more companies and organizations have been…
The post Lebanese APT group with suspected links to Hezbollah breached 250 servers worldwide appeared first on SC Media.
A newly discovered Azure Functions vulnerability lets an attacker escalate privileges and escape the Azure Functions Docker to the Docker host. After an internal assessment, Microsoft determined that the vulnerability has no security impact on Azure Functions users because the Docker host itself gets protected by a Microsoft Hyper-V boundary, according to researchers from Intezer…
The post Azure Functions vulnerability proves cloud users not always in control appeared first on SC Media.
While Apple has a significant focus on making iOS secure, one researcher said increasingly complex capabilities often bring vulnerabilities.
Attackers exploit Microsoft 365 “read receipt” and “out of office” message loopholes to evade auto-remediation of a malicious email.
The post BEC attack techniques exploit Microsoft 365 messages appeared first on SC Media.
Softing Industrial Automation GmbH, Kepware PTC, and Matrikon Honeywell all provided fixes for their respective products after security firm Claroty privately disclosed them during 2020.
The post Users of IoT products from three major vendors at risk of DDoS attacks, data leaks appeared first on SC Media.
Five Radware customers received extortion letters in December and January threatening a DDoS attack if they did not pay five bitcoin (worth about $200,000) from a group that wanted the victims to believe they were from Fancy Bear, Lazarus Group and the Armada Collective. The threat group first attacked late last summer and in the…
The post In second attack DDoS group demands 5 bitcoin payment appeared first on SC Media.
Based on the malware features, the researchers said the attackers use the compromised systems for further attacks, spreading laterally across the victim company’s network, or launching attacks on outside targets while masquerading as the compromised company.
The post Bot ‘FreakOut’ leverages three critical vulnerabilities to attack Linux systems appeared first on SC Media.