Unsecured databases are back to bite security teams and users. Data of citizens from more than 80 municipalities in the U.S. was inadvertently laid bare in a security lapse. In a fresh alert, U.S. authorities outlined the number of attack attempts on pipeline infrastructure, both successful and missed ones, by Chinese state-sponsored hackers. A number of heads of state were named among the potential targets of the Pegasus spyware. Continue reading to learn about the top ten cybersecurity events from the past 24 hours.
01
WizCase discovered a massive breach encompassing about 80 U.S. cities. The incident exposed PII, including physical address, contact details, IDs, and tax documents, via misconfigured Amazon S3 buckets.
02
The CISA issued an alert stating that Chinese state actors were hiding in the networks of 23 oil and natural gas pipeline companies in the U.S. from 2011 to 2013.
03
Check Point experts are warning against macOS and Windows versions of XLoader malware that is currently in high demand in the underground marketplace. It is notably the new version of FormBook malware.
04
Zscaler found 11 apps on Google Play loaded with Joker malware. The malware is capable of harvesting contacts, stealing data, and monitoring SMS messaging.
05
French President Emmanuel Macron was named among a list of 14 current or former heads of states who may have been targeted for espionage using the NSO Group's Pegasus spyware.
06
Trend Micro attributed an Android malware sample to the StrongPity APT group, which was pilfering contact lists and collecting files with specific file extensions from Syrian e-Gov websites.
07
ReversingLabs discovered a malicious NPM package stealing saved passwords from the Chrome browser while also setting up a persistent backdoor for spying purposes.
08
Orange Group sounded the alarm about a critical vulnerability in Fortinet appliances that can be exploited to grant unauthorized individuals complete control over a targeted system.
09
DNSFilter, an AI-based DNS protection firm, raised $30 million in Series A funding from Insight Partners.
10
Cybersecurity startup Safe Security (earlier known as Lucideus) raised $33 million in a strategic round led by London-based British Telecom.
