Tara Seals reports: CVE-2021-22893 allows remote code-execution (RCE) and is being used in the wild by nation-state cyberattackers to compromise VPN appliances in defense, finance and government orgs. A critical zero-day security vulnerability in Pulse Secure VPN devices has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as…
Elliman’s property management arm suffers data breach
Erin Hudson reports: Thousands of New York residents who live in buildings run by Douglas Elliman’s property management arm may have had their personal information compromised this month. Douglas Elliman Property Management’s three managing directors emailed hundreds of co-operative and condominium boards Monday to advise them that the company’s IT network — which contains data…
Palestinian Hackers Tricked Victims Into Installing iOS Spyware
Lily Hay Newman reports: Hacking activity in the Gaza Strip and West Bank has ramped up in recent years as rival Palestinian political parties spar with each other, the Israeli-Palestinian conflict continues, and Palestinian hackers increasingly establish themselves on the global stage. Now, Facebook has uncovered two digital espionage campaigns out of Palestine, active in 2019 and 2020, that…
Ca: Court approves data breach settlements with BMO, CIBC
James Langton reports: An Ontario court has approved proposed class action settlements with Bank of Montreal (BMO) and CIBC over cybersecurity breaches involving thousands of clients. The Superior Court of Justice endorsed settlements and distribution plans designed to resolve lawsuits against the banks stemming from a data theft that affected more than 10,000 clients of…
Kansas Department of Labor looking into possible data breach
Caroline Elliott reports: A KWCH investigation in February helped to launch a Kansas Department of Labor investigation after the investigation discovered a way to use social security numbers on the KDOL website to pull up anyone’s personal information. Eyewitness News reporter Caroline Elliott has been looking into the issue for months and Tuesday, April 20, Eyewitness…
Logins for 1.3 million Windows RDP servers collected from hacker market
Lawrence Abrams reports: The login names and passwords for 1.3 million current and historically compromised Windows Remote Desktop servers have been leaked by UAS, the largest hacker marketplace for stolen RDP credentials. With this massive leak of compromised remote access credentials, researchers, for the first time, get a glimpse into a bustling cybercrime economy and…