Security News > 2021

Manga scanlation site MangaDex disclosed a data breach last week after learning that the site's user database was privately circulating among threat actors. In March, MangaDex was hacked, and a threat actor claimed to have stolen the site's source code and its database, which they said had not been published anywhere.

Cyber hygiene and patch management company Automox on Tuesday announced raising $110 million in a Series C funding round that brings the total raised by the firm to more than $152 million. The money will be invested in sales and expanding the functionality of Automox's endpoint management platform.

Two email campaigns discovered by Armorblox impersonated Chase in an attempt to steal login credentials. In a new report released Tuesday, email security provider Armorblox looked at two recent phishing campaigns aimed at Chase Bank customers and offered advice on how to protect yourself from such scams.

Adobe this week announced the open-source availability of 'One-Stop Anomaly Shop', a new tool designed to help security teams discover anomalies in datasets. Building on previous research, white papers, and other projects from Adobe's Security Intelligence Team, OSAS out-of-the-box allows researchers to experiment with datasets, control data processing and feature combining, and help identify a solution for detecting security threats.

Power management solutions provider Eaton has released patches for its Intelligent Power Manager software to address several potentially serious vulnerabilities, including ones that researchers say could allow hackers to disrupt power supply. Eaton's IPM solution is designed to ensure system uptime and data integrity by allowing organizations to remotely monitor, manage and control the uninterruptible power supply devices on their network.

A report released Tuesday by cybersecurity provider BlackCloak describes how cybercriminals have been targeting the video game industry and key executives. Looking at 15 of the top 20 video game companies in the world, BlackCloak also found that C-suite executives were the most targeted in attacks that occurred over the past year.

Even worse, many ransomware gangs take the time to upload as much corporate data as they can before scrambling it, and they add this nasty detail into their blackmail notes. Many ransomware gangs run their very own "Negative PR" portals on the dark web, where they publish the confidential data of victims who don't pay, or blog about how bad their victims' cybersecurity was, or both.

A worldwide Microsoft Teams outage is blocking users from logging into their accounts, and preventing those already logged in from sending and receiving messages. The Microsoft 365 Service health status page is currently directing customers to the Microsoft 365 Status Twitter account for more details regarding this widespread incident.

Ransomware criminals have posted trophy pictures on their Tor blog after attacking the police force for US capital Washington DC. The Metropolitan Police Department said it was "Aware of unauthorised access on our server" and had engaged the FBI to investigate, according to BleepingComputer. Babuk, a relatively new ransomware gang, claimed credit for the attack and claimed to have stolen 250GB of files from the force.

Moxie Marlinspike has an intriguing blog post about Cellebrite, a tool used by police and others to break into smartphones. We found that it's possible to execute arbitrary code on a Cellebrite machine simply by including a specially formatted but otherwise innocuous file in any app on a device that is subsequently plugged into Cellebrite and scanned.