Chinese threat actors extract big data and sell it on the dark web Data Breach by Steve Zurier - April 19, 20210 A sign is posted on the exterior of Twitter headquarters on April 26, 2017 in San Francisco, California. Among the incidents data stolen by Chinese hackers involved a Twitter database. (Photo by Justin Sullivan/Getty Images) Researchers on Monday reported that cybercriminals are taking advantage of China’s push to become a leader
Google won’t reveal technical details on patches for 30 days if vendors hit deadlines Data Breach by Steve Zurier - April 17, 20210 The Google logo adorns the outside of the Google building in New York City. Google’s Project Zero on Thursday said it won’t share technical details of a vulnerability for 30 days if a vendor patches it before the 90-day or 7-day deadline set by Google.(Drew Angerer/Getty Images) Google’s Project Zero on
Hack The Box looks to expand in America, add new functions to ‘hacking experiences’ suite Data Breach by Steve Zurier - April 15, 20210 Hack The Box founders James Hooker, Haris Pylarinos, and Aris Zikopoulos. Following its announcement of $10.6 million in Series A funding earlier this week, U.K.-based Hack The Box has ambitious plans for the future – and opening a new office in the United States tops the list. Hack The Box claims to
Reddit takes bug bounty program public Data Breach by Steve Zurier - April 14, 20210 Alexis Ohanian, co-founder and executive chairman of Reddit, attends the WORLDZ Cultural Marketing Summit 2017 in Los Angeles. (Jerod Harris/Stringer) Reddit announced Wednesday that it is taking its bug bounty program public. The popular social news site and community forum platform has run a private program with HackerOne for the past
Attacker hacked one Microsoft Exchange server to gain access to others Data Breach by Steve Zurier - April 13, 20210 Microsoft prepares for a news conference t in Los Angeles, California. (Photo by Kevork Djansezian/Getty Images) Researchers on Tuesday reported that an unknown attacker hacked one Microsoft Exchange server as a means to install a malicious Monero cryptominer onto other Exchange servers to gain access. The news came the same day Microsoft
61 percent of employees fail basic cybersecurity quiz Data Breach by Steve Zurier - April 13, 20210 Seen here, training underway through NIST’s National Initiative for Cybersecurity Careers & Studies. Nearly 70 percent of employees polled in a new survey said they recently received cybersecurity training from their employers, yet 61 percent nevertheless failed when asked to take a basic quiz on the topic.(NIST) Nearly 70% of employees
LinkedIn confirms leak of 500 million profiles online, maintains incident was not a breach Data Breach by Steve Zurier - April 9, 20210 A sign is posted in front of the LinkedIn headquarters in Mountain View, California. (Photo by Justin Sullivan/Getty Images) LinkedIn confirmed Thursday that 500 million LinkedIn profiles was put on sale on a hacker forum. Cybernews first broke the news, reporting that the hacker leaked four files that contained the full names,
Hackers hit nine countries, expose 623,036 payment card records Data Breach by Steve Zurier - April 9, 20210 A sign showing credit card logos is seen outside of a bank. user data of the Swarmshop card shop – which trades in stolen personal and payment records – was leaked online on March 17 and posted on a different underground forum. (Photo by Justin Sullivan/Getty Images) Hackers are hacking hackers.
Threat actors targeted Slack and Discord as the pandemic raged on Data Breach by Steve Zurier - April 8, 20210 A pedestrian walks past a Slack logo outside its headquarters on December 1, 2020 in San Francisco, California. Collaborative tools proved an easy target for hackers during the pandemic. (Photo by Stephen Lam/Getty Images) Researchers on Wednesday reported that as the pandemic continued this past year, threat actors adjusted to employee
Bug allows attackers to hijack Windows time sync software used to track security incidents Data Breach by Steve Zurier - April 7, 20210 A remote code execution vulnerability can let attackers hijack the update process of a popular Windows time synchronization software product – Greyware’s Domain Time II – by exploiting a man-on-the-side (MotS) vulnerability.. (Photo by Drew Angerer/Getty Images) Researchers at GRIMM on Tuesday said they found a remote code execution (RCE) vulnerability