Security News

The OpenWrt project has revealed that an attacker has managed to access information about its online forum users over the weekend, by compromising the account of a forum administrator. The OpenWrt project oversees the development of OpenWrt, an open-source, Linux-based embedded operating system/firmaware for a variety of routers and gateways, which can also be used on smartphones, laptops and personal computers.

The OpenWRT forum, a large community of enthusiasts of alternative, open-source operating systems for routers, announced a data breach. Forum administrators posted the announcement in a high-visibility area, explaining what happened and the risks to users stemming from exposing their data.

In the aftermath of the SolarWinds hack, a better understanding of third-party hacks in any update that you provide to your colleagues, bosses, and even the board of directors may be warranted. Any such update that you provide on SolarWinds should certainly cover whether or not your organization is one of the 300,000 SolarWinds customers and whether or not you were one of the 18,000 or so that were using the specific version of Orion that was hacked.

Capcom, the game developer behind Resident Evil, Street Fighter and Dark Stalkers, now says its recent attack compromised the personal data of up to 400,000 gamers. A ransomware attack launched against gaming company Capcom last November keeps getting worse.

Capcom has released a new update for their data breach investigation and state that up to 390,000 people may now be affected by their November ransomware attack. On November 2nd, Capcom suffered a cyberattack by the Ragnar Locker ransomware operation who stated they stole 1TB of data from the company.

Security researchers successfully hacked the United Nations, accessing user credentials and personally identifiable information-including more than 100,000 private employee and project records-before informing the U.N. about the problem through the organization's vulnerability disclosure program. Ethical hackers from the research group Sakura Samurai used a vulnerability in a GitHub directory that exposed WordPress DB and GitHub credentials, allowing access to numerous private records from the U.N.'s Environment Program.

American technology company Ubiquiti this week revealed that one of its third-party cloud providers suffered a data breach. "We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider. We have no indication that there has been unauthorized activity with respect to any user's account," Ubiquiti said in a notification published on Monday.

American networking tech vendor Ubiquiti is asking customers to change their password because of unauthorized access to some of their information technology systems hosted by a third party cloud provider. "We cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account. The data may also include your address and phone number if you have provided that to us," the company explained in an online alert and and notification sent directly to users.

Networking device maker Ubiquiti has announced a security incident that may have exposed its customers' data. Ubiquiti is a very popular networking device manufacturer best known for its UniFi line of wired and wireless network products and a cloud management platform.

Today, researchers have responsibly disclosed a security vulnerability by exploiting which they could access over 100,000 private employee records of United Nations Environmental Programme. The data breach stemmed from exposed Git directories and credentials, which allowed the researchers to clone Git repositories and gather a large amount of personally identifiable information associated with UNEP employees.