Davey Winder reminds us all that not all hacking is a crime and you can earn a lot of money by hacking firms that have bug bounty programs. Hacking is not a crime As regular readers and video viewers will know, #STC is a big fan of the Hacking is NOT a Crime movement. The reality is that cybercrime…
Category: Business Sector
Fujitsu confirms stolen data not connected to cyberattack on its systems
Jonathan Greig reports: Fujitsu has confirmed that data being marketed by cybercriminals is not related to any cyberattack on its systems. Criminal marketplace Marketo claimed to have 4GB of data from Fujitsu last month and began marketing it widely. […] Marketo has also changed its tune, now writing that the stolen data is entirely from Japanese manufacturing…
New .avos2 variant: AvosLocker affiliate extorts $ 85k from victim thanks to old vulnerability in FortiGate VPN
Marco A. De Felice reports: An affiliate of the AvosLocker ransomware group extorts $ 85,000 in bitcoin from a company thanks to a known vulnerability in FortiGate VPN ( CVE-2018-13379 ). A vulnerability that the American multinational had corrected THANKS TO AN UPDATE released IN NOVEMBER 2019 . Those who have not updated their systems are a small company that…
Sg: MyRepublic data breach: 80,000 mobile users’ personal data exposed
Yahoo! reports: The personal data of about 80,000 MyRepublic mobile subscribers was accessed without authorisation last month. The telco said in a media release on Friday (10 September) that the breach took place on 29 August on a third-party data storage platform used to store the personal data of its mobile customers. Investigations showed that…
McDonald’s email blunder broadcasts database creds to comedy competition winners
Gareth Corfield reports: McDonald’s customers who won a prize draw competition got more than they hoped for after the burger chain emailed them login credentials for development and production databases used to power the campaign. The first person to report the blunder to McDonald’s, startup founder Connor Greig, told The Register: “It’s a bit weird,” adding…
Hackers leak passwords for 500,000 Fortinet VPN accounts
Lawrence Abrams reports: A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer. While the threat actor states that the exploited Fortinet vulnerability has since been patched, they claim that many VPN credentials are still valid. Read more on BleepingComputer.