Two file-scrambling nasties, Qlocker and eCh0raix, are said to be tearing through vulnerable QNAP storage equipment, encrypting data and demanding ransoms to restore the information. In response, QNAP said on Thursday users should do the following to avoid falling victim: Install the latest software updates for the Multimedia Console, Media Streaming Add-on, and Hybrid Backup Read more about If you have a QNAP NAS, stop what you’re doing right now and install latest updates before Qlocker gets you[…]

Web sites for customers of agricultural equipment maker John Deere contained vulnerabilities that could have allowed a remote attacker to harvest sensitive information on the company’s customers including their names, physical addresses and information on the Deere equipment they own and operate. The researcher known as “Sick Codes” (@sickcodes) published two advisories on Thursday warning Read more about Deere John: Researcher Warns Ag Giant’s Site Provides a Map to Customers, Equipment[…]

Apple’s AirDrop feature is a convenient way to share files between the company’s devices, but security researchers from Technische Universitat Darmstadt in Germany are warning that you might be sharing way more than just a file. According to the researchers, it’s possible for strangers to discover the phone number and email of any nearby AirDrop Read more about Apple AirDrop Security Flaw Exposes iPhone Numbers, Emails: Researchers[…]

[…] WhatsApp representatives told Forbes that the easiest way to protect yourself against this kind of an attack is to make sure you’ve associated an email address with your two-step verification process so the attacker won’t be able to spoof your identity. You can do that right now by pulling up WhatsApp, loading its Settings, Read more about How to Keep Attackers From Locking You Out of WhatsApp[…]

A user in a low level hacking forum on Saturday published the phone numbers and personal data of hundreds of millions of Facebook users for free online. The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on Read more about Stolen Data of 533 Million Facebook Users Leaked Online[…]

News that Ubiquiti’s cloud servers had been breached emerged on January 11, 2021, when the company emailed customers the text found in this support forum post. That missive stated: “We recently became aware of unauthorized access to certain of our information technology systems hosted by a third-party cloud provider.” That announcement continued, “We have no Read more about Wi-Fi slinger Ubiquiti hints at source code leak after claim of ‘catastrophic’ cloud intrusion emerges[…]

OpenSSL, the most widely used software library for implementing website and email encryption, has patched a high-severity vulnerability that makes it easy for hackers to completely shut down huge numbers of servers. […] On Thursday, OpenSSL maintainers disclosed and patched a vulnerability that causes servers to crash when they receive a maliciously crafted request from Read more about OpenSSL fixes high-severity flaw that allows hackers to crash huge amount servers globally[…]

[…] Working from home, whether as a permanent option or as part of hybrid models, may become standard, and so the corporate world needs to consider how best to keep their networks protected whilst also catering to a remote workforce. To this end, Cloudflare has contributed a new zero-trust solution for browser sessions. On Tuesday, Read more about Cloudflare debuts zero-trust browsing service for remote enterprise workforce[…]

Data of visitors to Diergaarde Blijdorp, Apenheul, Dierenpark Amersfoort and dozens of other theme parks are on the street. Ticket seller Ticketcounter is also extorted for 3 tons. An employee accidentally posted data online where they didn’t have to. As a result, the data could be found there for months (from 5 August 2020 to Read more about Ticketcounter leaks data for millions of people, didn’t delete sensitive data and was outed[…]

A serious flaw in Zoom’s Keybase secure chat application left copies of images contained in secure communications on Keybase users’ computers after they were supposedly deleted. Source: Exclusive: Flaws in Zoom’s Keybase App Kept Chat Images From Being Deleted | The Security Ledger

[…] Here in France, we’ve just experienced the country’s biggest ever data breach of customer records, involving some half a million medical patients. Worse, the data wasn’t even sold or held to ransom by dark web criminals: it was just given away so that anyone could download it. Up to 60 fields of personal data Read more about Half a million stolen French medical records, lab results, feeble excuses[…]

Whether you’re looking to make a change in your password management just because, or you’re a LastPass user annoyed with the service’s recent changes to its free tier, switching to the much-loved (and free) Bitwarden service is a good choice. Bitwarden is now the best free password manager for most people—since it works across all Read more about Why You Should Switch From LastPass to Bitward’s Password Manager[…]

As the U.S. continues to chart the damage from the sweeping “SolarWinds” hack, France has announced that it too has suffered a large supply chain cyberattack. The news comes via a recently released technical report published by the Agence Nationale de la sécurité des systèmes d’information—or simply ANSSI—the French government’s chief cybersecurity agency. Like the Read more about France has been suffering A Very ‘Solar Winds’-Like Cyberattack since 2017[…]

Now that Apple has officially begun the transition to Apple Silicon, so has malware. Security researcher Patrick Wardle published a blog detailing that he’d found a malicious program dubbed GoSearch22, a Safari browser extension that’s been reworked for Apple’s M1 processor. (The extension is a variant of the Pirrit adware family, which is notorious on Read more about Apple new M1 chip specific Malware Has Arrived[…]

Personal information of more than 243 million Brazilians was exposed for more than six months thanks to weakly encoded credentials stored in the source code of the Brazilian Ministry of Health’s website. The data leak exposed both living and deceased Brazilians’ medical records to possible unauthorized access. The incident was the second reported by Brazilian Read more about Brazil’s Health Ministry’s Website Data Leak Exposed 243 Million Medical Records for More Than 6 Months[…]

German software designer Jonas Strehle has published a proof of concept on GitHub that he says demonstrates a method in which the favicon’s cache can be used to store a unique identifier for a user that is readable “in the browser’s incognito mode and is not cleared by flushing the cache, closing the browser or Read more about Researchers Say Favicons Can Track You Across the Web[…]

Do you have an iPhone or iPad? You should update your device right now to iOS 14.4. No, not later today or after lunch or whatever. Update now.Why is it so crucial to update your iOS software as soon as possible? As TechCrunch first reported, Apple is reporting three security vulnerabilities that “may have been Read more about Update Your iPhone and iPad Right Now[…]

Security researchers from Qualys have identified a critical heap buffer overflow vulnerability in sudo that can be exploited by rogue users to take over the host system. Sudo is an open-source command-line utility widely used on Linux and other Unix-flavored operating systems. It is designed to give selected, trusted users administrative control when needed. The Read more about Decade-old bug in Linux world’s sudo can be abused by any logged-in user to gain root privileges[…]

Dutch police have arrested two individuals on Friday for allegedly selling data from the Dutch health ministry’s COVID-19 systems on the criminal underground. The arrests came after an investigation by RTL Nieuws reporter Daniel Verlaan who discovered ads for Dutch citizen data online, advertised on instant messaging apps like Telegram, Snapchat, and Wickr. The ads consisted of Read more about Dutch COVID-19 patient and testing data sold on the criminal underground[…]

The JSOF research labs are reporting 7 vulnerabilities found in dnsmasq, an open-source DNS forwarding software in common use. Dnsmasq is very popular, and we have identified approximately 40 vendors whom we believe use dnsmasq in their products, as well as major Linux distributions. The DNS protocol has a history of vulnerabilities dating back to Read more about DNSPOOQ breaks dnsmasq allowing for cache poisoning, remote code execution and more[…]

WhatsApp groups are showing up on Google search yet again. As a result, anyone could discover and join a private WhatsApp group by simply searching on Google. This was first discovered in 2019, and was apparently fixed last year after becoming public. Another old issue, which also appeared to have been fixed but seems to Read more about WhatsApp Private Groups + user phone numbers Were Accessible Again to Anyone Searching on Google – a yearly event now[…]

High-flying and rapidly growing Chinese social media management company Socialarks has suffered a huge data leak leading to the exposure of over 400GB of personal data including several high-profile celebrities and social media influencers. The company’s unsecured ElasticSearch database contained personally identifiable information (PII) from at least 214 million social media users from around the Read more about Socialarcs 400GB of scraped data exposing 200+ million Facebook, Instagram and LinkedIn users. Again.[…]