9 March 2021 Weekly Newsletter


NEWSLETTER

CISA issues emergency directive to agencies: Deal with Microsoft Exchange zero-days now


LATEST CYBER HACKS


DDoSecrets leak profiles, posts, DMs, passwords online

DDoSecrets, a group of hacktivists, has leaked a massive trove of data belonging to Gab.com. In total, the leak amounts to 70 GB of sensitive data belonging to registered Gab users. Gab is a right-wing social network platform claiming to offer "freedom of speech" with no censorship whatsoever.


Hacked SendGrid accounts used in phishing attacks to steal logins

A phishing campaign targeting users of Outlook Web Access and Office 365 collected thousands of credentials by relying on trusted domains such as SendGrid. The threat actor behind this activity, which has been named "Compact," has been operating since at least the beginning of 2020 and has likely collected more than 400,000 credentials across multiple campaigns.


VULNERABILITIES


New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP!

Exactly a month after patching an actively exploited zero-day flaw in Chrome, Google today rolled out fixes for yet another zero-day vulnerability in the world's most popular web browser that it says is being abused in the wild.


Truecaller's Guardians App was leaking live location details, issue fixed

Caller identification company Truecaller's 'Guardians' application, launched last week, lets users share their live location with selected guardians from their phone book. The app had a major vulnerability, which the company fixed hours after it was pointed out by Bengaluru-based security researcher Anand Prakash.


Recent Google Voice outage caused by expired certificates

In an incident report published on Friday, Google said that a Google Voice outage affecting a majority of the telephone service's users earlier this month was caused by expired TLS certificates. This worldwide outage prevented most Google Voice users from logging into their accounts and using the service for more than four hours between February 15th and February 16th, 2021.


VMware releases fix for severe View Planner RCE vulnerability

VMware has addressed a high-severity unauthenticated remote code execution (RCE) vulnerability in VMware View Planner that lets attackers execute code on servers running unpatched versions of the software.


Several Cisco Products Exposed to DoS Attacks Due to Snort Vulnerability

The Snort flaw, tracked as CVE-2021-1285 and rated high severity, can be exploited by an unauthenticated, adjacent attacker (one on the same layer 2 domain as the victim) to cause a device to enter a DoS condition by sending it specially crafted Ethernet frames.


Now-fixed Linux kernel vulnerabilities enabled local privilege escalation (CVE-2021-26708)

The vulnerabilities could be exploited for local privilege escalation, as confirmed in experiments on Fedora 33 Server. The vulnerabilities, known together as CVE-2021-26708, have received a CVSS v3 base score of 7.0 (high severity).


GRUB2 boot loader reveals multiple high severity vulnerabilities

GRUB, a popular boot loader used by Unix-based operating systems, has fixed multiple high-severity vulnerabilities. In 2020, BleepingComputer reported on the BootHole vulnerability in GRUB2, which could have let attackers compromise an operating system's boot process even when the Secure Boot verification mechanism was active.


MALWARE


Ryuk ransomware now self-spreads to other Windows LAN devices

A new Ryuk ransomware variant with worm-like capabilities that allow it to spread to other devices on victims' local networks has been discovered by the French national cyber-security agency while investigating an attack in early 2021.


New ransomware only decrypts victims who join their Discord server

A new ransomware called 'Hog' encrypts users' devices and only decrypts them if they join the developer's Discord server.


GENERAL NEWS


NSA, CISA issue guidance on Protective DNS services

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint information sheet on Thursday that offers guidance on the benefits of using a Protective Domain Name System (PDNS).


Thousands of Android and iOS Apps Leak Data From the Cloud

Zimperium's researchers reached out to a handful of the app makers whose cloud exposures they found, but they say the response was minimal and many apps still have exposed data. Because of this, and because the researchers cannot individually notify tens of thousands of developers, Zimperium is not naming the affected apps in its report.

COMM-CIRT

Botswana Communications Regulatory Authority

Private Bag 00495, Gaborone, Botswana

+2673929961

Disclaimer: This information was gathered from multiple trusted feeds and was not created by COMM-CIRT.