Hackers Breach 3.5 Million MobiFriends Dating App Credentials
The emails, hashed passwords and usernames of 3.5 million users of the dating app MobiFriends were put up for sale on an underground forum.
Report: Microsoft’s GitHub Account Gets Hacked
The Shiny Hunters hacking group said it stole 500 GB of data from the tech giant’s repositories on the developer platform, which it owns.
Naikon’s Aria
Our colleagues at Checkpoint put together a fine research writeup on some Naikon resources and activity related to “aria-body” that we detected in 2017 and similarly reported in 2018. To supplement their research findings, we are summarizing and publishing portions of the findings reported in our June 2018 “Naikon’s New AR Backdoor Deployment to Southeast…
Podcast: Shifting Cloud Security Left With Infrastructure-as-Code
Companies are looking to “shift left” with Infrastructure-as-Code (IaC) security capabilities to improve developer productivity, avoid misconfigurations and prevent policy violations.
Blue Mockingbird Monero-Mining Campaign Exploits Web Apps
The cybercriminals are using a deserialization vulnerability, CVE-2019-18935, to achieve remote code execution before moving laterally through the enterprise.
Cisco Fixes High-Severity Flaws In Firepower Security Software, ASA
Cisco has fixed 12 high-severity flaws in its Adaptive Security Appliance software and Firepower Threat Defense software.
Zoom Beefs Up End-to-End Encryption to Thwart ‘Zoombombers’
As the company continues to battle security woes, it has acquired Keybase to boost security and privacy. A full cryptographic draft architecture will be available on May 22.
Hackers Dumpster Dive for Taxpayer Data in COVID-19 Relief Money Scams
Threat actors are buying and selling taxpayer data on hacker forums as well as using phishing and other campaigns to steal various U.S. government payouts.
Naikon APT Hid Five-Year Espionage Attack Under Radar
The Chinese APT has been discovered behind a five-year espionage campaign that compromises government servers – and uses that as leverage for other attacks.
Lazarus Group Hides macOS Spyware in 2FA Application
The Dacls RAT has been ported from an existing Linux version.