In the last 24 hours, a text message scam that has so far targeted hundreds of UK residents has also come to light. The message uses COVID-19 as bait to trick victims into visiting a fake website that offers free TV licenses. The ultimate goal of the scam is to harvest personal data such as names, dates of birth, home addresses, and banking details from users.
Top Breaches Reported in the Last 24 Hours
A cryptocurrency trading platform, 2gether, has suffered a cyberattack in which threat actors siphoned off €1.183 million (approximately $1.3 million) from its investment accounts. The incident has also impacted user passwords. However, no financial details, general wallets, or Euro accounts were impacted by the breach.
Havenly discloses a breach
A US-based interior design website, Havenly, has disclosed a data breach after the ShinyHunters threat actor group posted a database containing 1.3 million user records for free on a hacker forum. The compromised data included users’ login names, full names, MD5-hashed passwords, email addresses, phone numbers, and zip codes.
Top Vulnerabilities Reported in the Last 24 Hours
Multiple high-severity flaws discovered in the Grandstream HT800 series of Analog Telephone Adaptors (ATAs) can expose analog telephone devices and other IP-based communications infrastructure to eavesdropping and device takeover. The bug, tracked as CVE-2020-5760, scores 7.8 on the CVSS scale. It can be exploited by tricking users into opening a specially crafted message sent by attackers.
Update on Prototype Pollution flaw
In a recent discovery, a flaw in the express-fileupload library can allow hackers to stage Prototype Pollution attacks on Node.js servers. The flaw can lead to DDoS attacks and, in some cases, remote shell access.
Top Scams Reported in the Last 24 Hours
Free TV license scam
Researchers have uncovered a text message scam that offers a free TV license. The message makes use of COVID-19 as bait to trick users into visiting a fake website that uses official TV license branding. The ultimate goal of the scam is to harvest personal data such as names, dates of birth, home addresses, and banking details from users. According to Parliament Street researchers, hundreds of UK consumers have already been targeted by the scam.