Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organizations via Forged Azure AD Tokens
Microsoft on Friday said a validation error in its source code allowed for Azure Active Directory (Azure AD) tokens to be forged by a malicious actor known as Storm-0558 using a Microsoft account (MSA) consumer signing key to breach two dozen organizations. “Storm-0558 acquired an inactive MSA consumer signing key and used it to forge authentication tokens […]
Tax preparation firms shared sensitive information with Meta
A group of seven US senators has sent a letter to the heads of the IRS, the Department of Justice, the Federal Trade Commission and the IRS watchdog, stating that they have found evidence that reveals “a shocking breach of taxpayer privacy by tax prep companies and by Big Tech firms.” According to the letter, […]
Ransomware making big money through “big game hunting”
Ransomware generates big money for the groups behind it, with new research confirming some of the scale of the problem. Chainalysis, a blockchain research firm, looked at data from monitored cryptocurrency wallets, concluding that around $449 million has been taken from victims in the last six months. As The Record correctly notes, the actual figure […]
Teenagers Face Trial for Hacking BT, Nvidia, Rockstar Games, Revolut, Uber
By Waqas. Both teenagers, who are on trial in the United Kingdom, have been accused of being associated with the infamous Lapsus$ hacking group. This is a post from HackRead.com.
Fake TeamViewer Installer Used to Deliver njRAT Malware
By Habiba Rashid. A fake and malicious version of TeamViewer is being pushed as legitimate, which in reality infects devices with njRAT malware (aka Bladabindi). This is a post from HackRead.com.
Critical Security Flaws Uncovered in Honeywell Experion DCS and QuickBlox Services
Multiple security vulnerabilities have been discovered in various services, including Honeywell Experion distributed control system (DCS) and QuickBlox, that, if successfully exploited, could result in severe compromise of affected systems. Dubbed Crit.IX, the nine flaws in the Honeywell Experion DCS platform allow for “unauthorized remote code execution, which means an attacker would have
BreachForums’ Pompompurin Pleads Guilty to Holding Child Abuse Content
By Waqas. According to court documents, devices owned by Pompompurin contained 600 explicit images of child abuse, which led him to plead guilty in court. This is a post from HackRead.com.
Defend Against Insider Threats: Join this Webinar on SaaS Security Posture Management
As security practices continue to evolve, one primary concern persists in the minds of security professionals—the risk of employees unintentionally or deliberately exposing vital information. Insider threats, whether originating from deliberate actions or accidental incidents, pose a significant challenge to safeguarding sensitive data. To effectively address insider risks, organizations must
AIOS WordPress Plugin Faces Backlash for Storing User Passwords in Plain Text
All-In-One Security (AIOS), a WordPress plugin installed on over one million sites, has issued a security update after a bug introduced in version 5.1.9 of the software caused users’ passwords to be added to the database in plaintext format. “A malicious site administrator (i.e. a user already logged into the site as an admin) could then […]
Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation
Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild. “A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced,” the company said in an advisory. It also said that the issue has […]