I’d ask, “Why is this STILL happening?” but I think we all know the answers to that, and Jim Wilson of Safety Detectives actually addresses that in his article. The SafetyDetectives cybersecurity team has discovered a vulnerability affecting baby monitors, provoked by their misapplication/misconfiguration, which provides potentially harmful parties with unauthorized access to each camera’s video stream….
Category: Business Sector
French IT monitoring company’s software targeted by hackers
Reuters reports: Hackers have spent up to three years breaking into organizations by targeting monitoring software made by the French company Centreon, France’s cybersecurity watchdog said Monday. The watchdog, known by its French acronym ANSSI, stopped short of identifying the hackers but said they had a similar modus operandi as the Russian cyberespionage group nicknamed…
Could an ex-employee be planting ransomware on your firm’s network?
We’ve all seen too many instances where vengeful former employees have tried to sabotage their former employer’s network. Even when their employers remember to revoke access for the individual, they often find other ways in — like using a former colleague’s credentials or having previously created another user on the system with credentials. But would…
Threat actors claim to have stolen Jones Day files; law firm remains quiet
Over on AdvIntel, Tyler Combs has a post about threat actors attacking law firms. Many of us are already aware of a number of law firms who have been attacked and who have had their firm’s files dumped publicly when they refused to pay ransom demands, but if the biggest law firms fall prey, what…
Terrorist hackers target Atlassian & Oracle servers
Edward Kost writes: Volatile Cedar, a cybercriminal group affiliated with the Hezbollah Cyber Unit, has resurfaced after disappearing for almost 6 years. The criminal group was suddenly illuminated on the radar after suspicious activity on Oracle and Atlassian servers was discovered. Volatile cedar breached unpatched Atlassian and Oracle servers by exploiting the following vulnerabilities – CVE-2012-3152, CVE-2019-11581,…
Yandex suffers data breach after sysadmin sold access to user emails
Ionut Ilascu reports: Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. The company discovered the breach internally, during a routine check of its security team. The investigation revealed that the employee’s actions led to the compromise of almost 5,000 Yandex…