Watch out, VPN users! A Chinese-run VPN service has exposed the PII of roughly a million users via an unsecured server. But, it’s still less threatening than a highly sophisticated threat actor harvesting your sensitive data by exploiting telecommunication firms. In other news, security experts found a way someone can clone your online identity via browser fingerprinting. Scroll down to learn more about the top cybersecurity events from the last 24 hours.
Data pertaining to at least one million users of Quickfox VPN was left open to the internet due to an unprotected Elasticsearch storage blob.
LightBasin, an alleged Chinese hacker group, infiltrated at least 13 telecommunication companies around the globe and accessed call records and messages.
The Centre for Computing History, Cambridge, disclosed and apologized for a breach impacting its online customer database. No payment card details were leaked in the incident.
Health Insurance company Anthem’s vendor PracticeMax and UMass Memorial Health disclosed the PHI and other data of its members and employees in different cyberattacks.
Phone data such as call records, browsing history, texts, photos, and precise geolocations of hundreds of thousands of users are at risk, owing to a bug in widely used consumer-grade spyware.
Researchers at Texas A&M University and the University of Florida discovered Gummy Browsers, a new fingerprint capturing and browser spoofing attack.
According to Cisco Talos, a lone wolf threat actor is using political and government-themed malicious domains as lures to deliver commodity RATs to targets in India and Afghanistan.
Intel 471 uncovered a series of posts in underground marketplaces selling counterfeit vaccine certificates with various coronavirus claims and misinformation.
Threat detection marketplace SOC Prime raised $11 million in Series A funding led by DNX Ventures, with participation from Streamlined Ventures and Rembrandt Venture Partners.
HelpSystems acquired cyber threat intelligence company PhishLabs to add to its portfolio of email security, vulnerability management, and data protection solutions.