Sergiu Gatlan reports: A critical Windows zero-day vulnerability, known as Follina and still waiting for an official fix from Microsoft, is now being actively exploited in ongoing phishing attacks to infect recipients with Qbot malware. Proofpoint first reported Monday that the same zero-day was used in phishing targeting US and EU government agencies. Read more at BleepingComputer.
Category: Commentaries and Analyses
Aurora pays $6 mn bug bounty to ethical hacker
Shashank Bhardwaj reports: Aurora, the bridging and scaling solution for Ethereum (ETH), announced on Tuesday that it had given a $6 million bug bounty to an ethical security hacker by the name of pwning.eth for discovering a critical vulnerability in the Aurora Engine. The bounty was paid by Aurora in collaboration with Immunefi, which is…
California Attorney General Reminds Health App Providers of Obligations to Protect Reproductive Health Information
Hunton Andrews Kurth writes: On May 26, 2022, California Attorney General Rob Bonta issued a press release reminding health app providers that California’s Confidentiality of Medical Information Act (“CMIA”) applies to mobile apps that are designed to store medical information, which includes health apps such as fertility trackers. The press release reminds health app providers that the…
SSNDOB Marketplace, A Series Of Websites That Listed More Than 20 Million Social Security Numbers For Sale, Seized And Dismantled In International Operation
Tampa, Florida – United States Attorney Roger B. Handberg, along with Special Agent in Charge Darrell Waldon for the IRS – Criminal Investigation Washington D.C. Field Office, and Special Agent in Charge David Walker for the FBI – Tampa Division, today announced the seizure of the SSNDOB Marketplace, a series of websites that operated for…
LockBit tries to get media’s attention for their response to a Mandiant analysis
One of the most hated threat intel companies in the world is Mandiant, and they are hated because they are often right. But this week, LockBit decided to respond in a somewhat different way to one of Mandiant’s recent claims. The ransomware group published a notice on their leak site yesterday saying that 356,841 files…
AU: Researcher finds ACY Securities leaking 60 GB of User Data
ACY Securities describes itself as one of Australia’s fastest growing multi-asset online CFD trading providers. But as first reported by HackRead, the trading firm was leaking 60 GB of user data until independent researcher Anurag Sen persisted in trying to alert them to a misconfigured elasticsearch database. As seen by Hackread, the data included personally…