Critical Flaw Exploited to Bypass Fortinet Products and Compromise Orgs

According to Cyble’s research published on November 24, multiple Fortinet products are affected by an alternate path flaw tracked as CVE-2022-40684, including FortiOS, FortiProxy, and FortiSwitchManager.

Iran’s Fars News Agency Website Hacked as Part of Anti-Government Protests

On Friday, the hacktivist group by the name of Black Reward attacked the database of the Iranian hardline Fars News Agency, claiming to have deleted nearly 250 terabytes of data from the website from its servers and computers.

Moses Staff Hackers Publish Footage of Jerusalem Explosion

Along with the video, Moses Staff posted a Hebrew inscription on its Telegram group that said “for a long time we had control over all your activities – step by step, moment by moment.”

Medical Software Firm Exposes Vulnerable Children’s Sensitive Data

Researchers reviewed a sample of 1,000 records to determine who owned the data and informed them about the exposed database. As per their findings, each record they reviewed had some form of PII related to children.

34 Russian Hacking Groups Stole 50 Million User Passwords via Info-stealers

Group-IB states that the 34 Russian hacking groups are distributing info-stealers and offering them as stealer-as-a-service. The hackers mainly offer Redline and Racoon info-stealers to steal passwords from Roblox and Steam gaming accounts.

Leaky Server Exposing Scraped Data of 150,000 Mastodon Users

The server is actively scraping information from Mastodon users. Researcher Anurag Sen found the server on November 15, however, it is unclear for how long it has been logging users’ information.

Leaked Amazon Prime Video Server Exposed Users Viewing Habits

The exposed database contained 215 million records of pseudonymized viewing data. This includes the name of the movie or show being streamed, the streaming device, and similar internal data such as subscription information and network quality.

Smartphones of Iranian Protesters Targeted with Spyware

Voice of America has obtained a copy of the spyware. In its report, the agency noted that the malware was previously distributed on different forums and titles such as Telegram with Free Internet.

The Top 5 Cloud Vulnerabilities You Should Know Of

Being proactive by scanning their cloud environment for possible vulnerabilities is the best way to address vulnerabilities before they result in breaches. Having clear visibility across the entire attack surface is key to securing the cloud.

Covid antigen test results of 1.7m Indian and foreign nationals leaked online

An Elasticsearch server belonging to a healthcare software provider in India is currently exposing the Covid antigen test results of Indians and foreign nationals who traveled to or from India in the last couple of years.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags