Mixcloud Data Breach: Over 20 Million User Data Put Up For Sale On The Dark Web

UK-based audio streaming company, Mixcloud, suffered a data breach earlier this month that exposed 20 million user accounts.   Even worse, according to various news outlets, that information was put on sale on the dark web.   The seller who goes by the handle “A_W_S” reached out to TechCrunch, allowing the company to examine and …

Cybercriminals Infect Macy’s e-Commerce Site With Magecart

Macy’s has announced that it suffered a data breach.   The breach was caused by a Magecart skimming code being inserted into its online payment portal. As a result, hackers were able to steal customer’s personal information.   Even worse, the data stolen didn’t just include names, addresses, and phone numbers. It also included credit card …

New MP4 Vulnerability Discovered in WhatsApp

There is a critical remote code execution (RCE) vulnerability in the WhatsApp messaging app, Facebook has disclosed.   The vulnerability, tracked as CVE-2019-11931, is a stack-based buffer overflow, which could allow hackers to send specially crafted MP4 files to victims, leading to denial-of-service or RCE attacks.   Facebook says, the problem resides in how the encrypted messaging app parses …

Unpatched Firefox Bug Being Exploited in the Wild

Mozilla is working to develop a fix for Firefox bugs that are being exploited by scammers who pose as tech support staff.   The attacks were first spotted by Jérôme Segura of Malwarebytes. In a Twitter post, Segura says the bug, which has the bug ID 1438214, is actively being exploited in the wild.     Even …

Leaked Documents Reveal That Facebook Gave Dating Apps Special Access to User Info

Leaked documents from an ongoing lawsuit between Facebook and Six4Three revealed that Facebook gave a number of dating apps such as Bumble and Tinder special access to user data.   In 2014, Facebook decided to stop third-party apps from accessing its data — friend lists and liked pages. Most apps were told that they had …

New ‘ZombieLoad’ Flaw Impacting Intel CPU’s

Security researchers have found another flaw impacting Intel processors.   However, it’s worth noting that back in May, EU-based security researchers shared details about this vulnerability, dubbed ZombieLoad.   What is ZombieLoad? According to the two teams of academic researchers who discovered the attack, ZombieLoad — a side-channel attack targeting Intel chips — is reminiscent of Spectre and …

Apple Will Fix A macOS Vulnerability That Exposes Parts of Encrypted Emails

Apple has vowed to fix a macOS vulnerability that allows someone to read — in plaintext — parts of encrypted emails sent via Apple Mail.   Worse still, Apple may have known about the vulnerability for months, The Verge reports.   However, it’s worth noting that the macOS flaw only affects a small number of people …

Hosting Provider SmarterASP.NET Taken Down by Ransomware

Over the weekend, SmarterASP.NET was hit by ransomware, ZDNet reports.   The company confirmed the attack in a status report, saying: “Your hosting account was under attack and hackers have encrypted all your data. We are now working with security experts to try to decrypt your data and also to make sure this would never happen …

Capital One Replaces CISO After Data Breach

In July, Capital One suffered a massive data breach that exposed the personal information of over 100 million customers.   Now, four months later, Capital One has replaced its CISO, Michael Johnson.   In a statement, a spokesperson for the company said, Johnson — who has been CISO since 2017 — is “moving from his role as …

Ryuk Operators Add New Features to the Ransomware

New upgrades have been added to Ryuk ransomware.   According to researchers at CrowdStrike, one new feature attempts to wake local area network hosts that are in standby power mode by sending them a wake-on-LAN (WoL) magic packet. Another feature reads entries in the host address resolution protocol (ARP) cache and sends a WoL magic packet …