13 December 2022 Weekly Newsletter

BOCRA website

     


A Year Later, That Brutal Log4j Vulnerability Is Still Lurking


LATEST CYBER HACKS

 
 
Android app with over 5m downloads leaked user browsing history

The Android app Web Explorer – Fast Internet left an open instance, exposing a trove of sensitive data that malicious actors could use to check specific users’ browsing history.

Popular HR and Payroll Company Sequoia Discloses a Data Breach

The human resources, payroll, and benefits management company Sequoia said in disclosures to customers at the beginning of the month that it detected unauthorized access to a cloud storage repository that contained an array of sensitive and personal data related to the company's Sequoia One customers.

Global Online Retailer Leaked 1.1 Billion Records Online Including Customer Data

Security researcher Jeremiah Fowler, together with the Website Planet research team, discovered a non-password-protected database that contained a massive number of records. The total size of the dataset was 601.84 GB and the total number of documents was over 1.16B. Upon further research, there were multiple references throughout the database indicating that the data belonged to the California-based online retailer Vevor. According to Crunchbase, the company is registered in the US, but based on publicly available details on its website (e.g., the privacy policy), it appears to be a China-based company.


VULNERABILITIES

 
 
Over 4,000 Vulnerable Pulse Connect Secure Hosts Exposed to Internet

Touted as the most widely deployed SSL VPN solution, Pulse Connect Secure provides remote and mobile users with secure access to corporate resources. The VPN appliance is part of Ivanti’s portfolio, after it acquired Pulse Secure in 2020. Pulse Secure appliances are known for being the target of choice for both cybercriminals and state-sponsored threat actors, and government agencies have issued multiple alerts to warn of continuous exploitation of unpatched vulnerabilities in these products.

Cisco Warns of High-Severity Unpatched Flaw Affecting IP Phones Firmware

Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could potentially be exploited by an unauthenticated attacker to cause remote code execution or a denial-of-service (DoS) condition.


MALWARE

 
 
Hack-for-Hire Group Targets Travel and Financial Entities with New Janicab Malware Variant

Travel agencies have emerged as the target of a hack-for-hire group dubbed Evilnum as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe.

The attacks, which took place during 2020 and 2021 and likely went as far back as 2015, involved a revamped variant of a malware called Janicab that leverages a number of public services like WordPress and YouTube as dead drop resolvers, Kaspersky said in a technical report published this week.

Attackers Target Windows and Android Platforms with Different Malware Families

Attackers are launching malicious campaigns to distribute multiple malware families on Windows and Android platforms. They are using a darknet platform dubbed Zombinder to bind malicious payloads to legitimate Android apps.


                              

HHS Warns About Ongoing Royal Ransomware Attacks

The U.S. Department of Health and Human Services (HHS) has issued a new advisory to warn healthcare organizations about ongoing attacks by the Royal ransomware gang. The advisory mentions that the ransomware group is behind multiple attacks against U.S. healthcare firms.


                              


GENERAL NEWS

 
 
Keep Your Grinch at Bay: Here's How to Stay Safe Online this Holiday Season

As the holiday season approaches, online shopping and gift-giving are at the top of many people's to-do lists. But before you hit the "buy" button, it's important to remember that this time of year is also the peak season for cybercriminals.

Preventing a ransomware attack with intelligence: Strategies for CISOs

In fact, when organizations are armed with intelligence that’s timely, relevant, and actionable, they can bolster their own cyber defense measures and even prevent a ransomware attack from occurring in the first place.