Catalin Cimpanu reports: Cyber-security firm Imperva published today a detailed post-mortem report of a security breach the company disclosed two months ago, in August. The company blamed the security breach on an Amazon Web Services (AWS) API key a hacker stole from an internal system that was left accessible from the internet. Read more on ZDNet.
JustDial fixes bug that allowed hackers access
The Economic Times reports: Local search service JustDial was found to contain a security flaw, through which a user account could potentially be hacked, but the company managed to rectify it in a day. A cyber security researcher, Ehraz Ahmed, uncovered the vulnerability, which was first reported by moneycontrol.com. Read more at Economic Times.
Tyler Nashatka a/k/a “Psycho” arraigned on hacking, conspiracy to commit fraud, and aggravated identity theft; allegedly conspired with “Glubz”
Alleged hacker Anthony Tyler Nashatka, a/k/a “psycho,” appeared today in federal court on charges of conspiracy to commit computer fraud and abuse, conspiracy to commit wire fraud, aggravated identity theft and other charges related to a scheme to defraud victims of at least $1.4 million in cryptocurrency in December of 2017, announced United States Attorney…
Escort forums in Italy and the Netherlands hacked by “InstaKilla,” user data put up for sale
Catalin Cimpanu reports: A Bulgarian hacker has breached two online forums dedicated to sex workers, stolen user information, which he’s now selling on a hacking forum.vv The two forums are EscortForumIt.xxx and Hookers.nl — serving sex workers and customers in Italy and the Netherlands, where prostitution is legal. Read more on ZDNet.
Hook, line and sinker: How I fell victim to phishing attacks – again and again
Charlie Osborne bravely discloses all the ways she fell for phishing attacks — even though she is clearly more knowledgeable and sophisticated than the average person. And if it can happen to her, it can happen to you. Or worse, me. 🙂 Read her article on ZDNet.
Ransomware gang uses iTunes zero-day
Catalin Cimpanu reports: The operators of the BitPaymer ransomware have been spotted using a zero-day in iTunes for Windows as a mechanism to bypass antivirus detection on infected hosts. The attacks and the zero-day were found by cyber-security firm Morphisec on the network of an enterprise in the automotive industry that got hit by BitPaymer…