Vulnerable Click2Gov software continues to affect users paying utility bills online. The unpatched software has previously been exploited multiple times, affecting residents in dozens of U.S. cities, and this time it has affected residents of the city of Aurora. It is believed that residents who made water payments to the city between August 30 and October 14, 2019, through the Click2Gov system may be affected.
Top Breaches Reported in the Last 24 Hours
Landry’s Inc. breached
Landry’s Inc. has issued a notice to alert the public of a recent security incident involving payment processing systems. An investigation has revealed that customers’ payment cards could have been mistakenly swiped on the order-entry systems instead of the PoS terminals. The firm says that payment cards swiped between March 13, 2019, and October 17, 2019, may have been affected in the incident.
Poloniex resets passwords
Cryptocurrency exchange Poloniex has enforced a password reset on users whose email addresses and passwords were leaked on Twitter. In an email shared with customers, Poloniex had shared a list of email addresses and passwords and claimed that they could be used to log in to Poloniex accounts.
Click2Gov payment system exploited again
Personal information of some Aurora Water customers may have been affected due to a breach of the Click2Gov payment system. The compromised information includes the customer’s first and last name, billing address, payment card type, payment card number, payment card verification value, and payment card expiration date.
Top Malware Reported in the Last 24 Hours
Shitcoin Wallet extension
Top Vulnerabilities Reported in the Last 24 Hours
Starbucks API key exposed
Developers at Starbucks left an API key exposed that could be used by attackers to access internal systems and manipulate the list of authorized users. The issue has been rated as ‘critical’ because it could allow attackers to execute commands on systems, add or remove users who have access to internal systems, and potentially take over the AWS account. The key was found in a public GitHub repository.
Multiple vulnerabilities have been uncovered in DTEN D5 and D7 conferencing and collaboration systems. The flaws could be exploited to expose sensitive data included in live meetings and saved artifacts like conversations, recordings, notes, and interactive whiteboards.
Top Scams Reported in the Last 24 Hours
Scammers use tricks to bypass email filters
Scammers involved in sextortion email scams are utilizing new tactics to bypass spam filters. These include sending emails in foreign languages or splitting bitcoin addresses into two parts. Adding these two tactics makes it more difficult for the recipient to understand what they are receiving. Usually, a sextortion email includes a message to scare the recipients. The email goes on to say that spyware has been installed on the recipient’s system and has captured several inappropriate images and videos of them.
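A filter-side check for the split-address tactic described above, as an added example that is not part of the original briefing: it rejoins Base58-looking fragments in reading order and keeps only combinations whose Base58Check checksum verifies. The function names and the sample email are constructed for illustration, and the check assumes legacy Base58Check addresses only.

```python
import hashlib
import re
from itertools import combinations

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of double SHA-256.
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    """Encoder, used here only to build the constructed sample address."""
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_legacy_address(addr: str) -> bool:
    """True if addr is 25 bytes of valid Base58Check with version 0x00 or 0x05."""
    if not 26 <= len(addr) <= 35 or set(addr) - set(B58):
        return False
    n = 0
    for c in addr:
        n = n * 58 + B58.index(c)
    pad = len(addr) - len(addr.lstrip("1"))  # leading '1's are leading zero bytes
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return (len(raw) == 25 and raw[0] in (0x00, 0x05)
            and _checksum(raw[:21]) == raw[21:])

def find_addresses(text: str) -> list[str]:
    """Return addresses that appear whole or as two fragments in reading order."""
    tokens = re.findall(r"[1-9A-HJ-NP-Za-km-z]{4,}", text)
    # Pairwise joins are cheap for message-sized input; the checksum
    # rejects accidental matches between ordinary words.
    candidates = tokens + [a + b for a, b in combinations(tokens, 2)]
    return sorted({c for c in candidates if is_legacy_address(c)})

# Constructed sample: an address derived from a made-up hash, split in two.
SAMPLE_ADDR = b58check_encode(b"\x00" + hashlib.sha256(b"constructed").digest()[:20])
SAMPLE_EMAIL = (f"Send $900 in BTC. First part: {SAMPLE_ADDR[:17]} "
                f"second part: {SAMPLE_ADDR[17:]} - join them before paying.")

if __name__ == "__main__":
    print(find_addresses(SAMPLE_EMAIL))
```

A filter that only matches a complete address pattern sees neither fragment; this check flags the message because the two halves validate once joined.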