Earlier this year, Twitter confirmed that an API vulnerability had caused a massive data leak containing non-public information for over 5.4 million Twitter users. Twitter denied claims that hackers had leaked the private information priorly. However, Pompompurin, the owner of the hacking forum Breached, stated they were responsible for exploiting …
Phishing-as-a-Service on the Rise with Caffeine
Threat actors may now launch their own sophisticated assaults thanks to the emergence of Phishing as a Service (PhaaS) platforms like “Caffeine.” Through an open registration procedure, anyone who wishes to launch their phishing campaign can sign up on these platforms. Security experts at Mandiant discovered the first sighting of …
Vice Society Claims Cincinnati State College Cyberattack
Data allegedly stolen from Cincinnati State Technical and Community College has been leaked after Vice Society attacked the campus. Many of the stolen documents were posted on the hackers’ websites. These documents date from several years ago until November 24, 2022, suggesting that threat actors still have access to the …
Hackers Execute Arbitrary Code with Microsoft Office
According to cybersecurity experts at Cisco Talos, Microsoft Office has a high-severity vulnerability that could allow prospective cyber attackers to execute malicious code on the target device remotely. Microsoft announced the issue in a brief blog post, stating that its researcher Marcin ‘Icewall’ Noga had identified a class attribute double-free …
Malicious SEO Campaign Affects Thousands of Sites
In a massive malicious SEO campaign, cybercriminals are promoting low-quality Q&A sites by redirecting visitors to fake discussion forums. As a result, almost 15,000 sites have been compromised. In September 2022, researchers at Sucuri discovered the attacks. Each compromised site was found to contain approximately 20,000 files that were utilized …
Phishing Kit Targets US Shoppers
Security experts at Akamai have discovered a campaign that uses an elaborate phishing kit. This campaign targets Americans using lures centered around holidays like Labor Day and Halloween. The kit combines several methods and employs several evasion detection techniques to prevent non-victims from visiting its phishing pages. One of the …
Lenovo Patches Critical Security Flaws
Lenovo reports that it has patched two critical security flaws that affected several of its ThinkBook, IdeaPad, and Yoga laptops. Lenovo is also recommending that consumers update their systems immediately. The flaws make it possible for cybercriminals to deactivate the UEFI Secure Boot tool, allowing them to load and run …
Bypass Android Lock Screen on Pixel and Other Devices
David Schütz, a cybersecurity researcher, inadvertently discovered a means to circumvent the lock screen on his fully updated Google Pixel 6 and Pixel 5 devices, allowing anybody with physical access to the smartphone to unlock it. Bypassing the lock screen on Android smartphones is a straightforward five-step method that should …
Recent Growth of Fake LinkedIn Accounts
According to a KrebsOnSecurity article, the recent growth of phony LinkedIn accounts is causing an identity crisis for the business networking site and organizations that rely on it to hire and evaluate new workers. The fake LinkedIn profiles, created with content stolen from authentic accounts and AI-generated profile pictures, are …
SaaS Phishing Attacks Are Increasing
It’s getting easier than ever to conduct effective phishing campaigns thanks to the rise in popularity of SaaS platforms. A recently published report released by Palo Alto Networks’ Unit 42 revealed that the use of Software as a Service to conduct phishing attacks has surged by an incredible 1,100 percent …