An unsecured database is an equivalent of leaving your front door wide open to thieves. Recently, unsecure databases at an American telemarketing company and a European phone tracking firm exposed millions of sensitive records. Meanwhile, a Chinese hacker group was reportedly found targeting users of Microsoft Exchange through zero-day attacks. Also, read about how hackers cheated off hundreds of banks in Italy. Continue reading for today’s cybersecurity updates from the past 24 hours.
01
An unsecured Elasticsearch database at Ringostat exposed millions of phone numbers, recordings, and call logs while impacting 67,000 customers.
02
Chinese government-backed Hafnium threat group has been exploiting multiple zero-day flaws in on-premise Microsoft Exchange Server in an apparent espionage campaign.
03
Researchers from vpnMentor stumbled across an unsecured AWS S3 bucket containing 114,000 files and 2,000 transcripts belonging to telemarketing firm CallX.
04
Malaysia Airlines disclosed almost a decade-long security breach that compromised the personal information of members of its frequent flyer program, Enrich.
05
Researchers warned against a new tactic by ObliqueRAT operators who target organizations in South Asia by sending malicious Microsoft Office documents via email.
06
According to Avast, at least 100 banks in Italy were targeted by the Ursnif Trojan that led to the loss of several credentials and financial data.
07
The identities of a third of the living recipients of the U.S. Congressional Medals of Honor were stolen and used to purchase goods and luxury items from military exchanges.
08
The makers of a phishing toolkit named 16Shop were found targeting users of the popular mobile payments service, Cash App, to steal their account credentials.
09
Israel-based identity validation startup Identiq raised $47 million in Series A funding led by Insight Partners and Entrée Capital, with participation from others.
10
TPG Capital acquired identity security firm Thycotic from Insight Partners and announced its merger with Centrify, a PAM vendor that it acquired last month.
