Amazon S3 buckets misconfiguration left 1,000 GB of local government data exposed The team of cybersecurity researchers from security company Wizcase identified that 1,000 GB of data and over 1.6 million files belonging to dozens of US municipalities were left exposed. All of the cities and towns that became the victims of this incident were
$350,000 stolen from users by 170 Android cryptocurrency mining scam apps Users pay money for mining but get nothing. More than 170 applications from the Android ecosystem have been identified as scam services. The applications are offering cloud-based mining services to users interested in mining cryptocurrencies. Users just need to pay a fee and the
Critical Android RCE Bug patched by Google Google addresses more than 90 bugs in its June Security Bulletin including the critical remote code execution bug that could enable malicious actors to commandeer the targeted mobile device with vulnerabilities. The bug tracked CVE-2021-0507 is related to the Android OS system component and by exploiting this bug
Android apps’ cloud authentication failures have led to the large data exposure The analysis of Android apps has revealed critical cloud misconfigurations that could cause the exposure of data belonging to more than 100 million users. Check Point Research (CPR) cybersecurity firm has identified that over 23 popular mobile apps may contain third party cloud
Close to $5 million paid by Colonial Pipeline to ransomware group Colonial Pipeline paid close to $5 million to the ransomware group that committed a cyberattack against the company and locked its systems. The fuel giant’s systems have been affected for 1 week. The company experienced a ransomware attack on May 7 that forced the
Memory allocation holes found by Microsoft in IoT and industrial technology Microsoft recommends users to monitor their network for any anomalies, segment network, and, when applicable, remove internet connections in case there is no possibility to patch an IoT/OT device. A batch of bad memory allocation operations in code in operational technology (industrial control systems)
DHS warns against using Chinese hardware and digital services The DHS (US Department of Homeland Security) has published a “business advisory” warning US companies against using hardware equipment and digital services created or linked to Chinese companies. These Chinese products could contain backdoors, bug doors, or hidden data collection mechanisms that could be used by
800,000 SonicWall VPNs vulnerable to new remote code execution bug Over 800,000 internet-accessible SonicWall VPN appliances are vulnerable to CVE-2020-5135, a critical bug with a rating of 9.4 out of 10. It is assumed to happen under active exploitation once proof-of-concept code is made publicly available. Link here Barnes & Noble Hack: A Reading List
Ransomware attack at a German hospital leads to the death of a patient A man had a life-threatening condition and passed away after being forced to go to a more distant hospital because the nearest hospital was under a ransomware attack. German police contacted the ransomware operators via the ransom note instructions and explained that
