Security News

Email security biz Mimecast not only fell victim to the SolarWinds hackers, leading to its own customers being attacked, it is also trimming its workforce amid healthy profits. Last month Mimecast revealed that one of its cryptographic certificates was purloined by the same team that smuggled a hidden backdoor into SolarWinds' Orion network monitoring software.

Reg reader Andy told us: "Got an email from SitePoint this morning saying that they had been hacked and some non-important stuff like names, email addresses, hashed passwords etc might have been stolen. Coincided with a big increase in spam that I've been getting but that's probably coincidence." An email sent to SitePoint users and seen by The Register confirmed the hack, though at the time of writing, the company has not published anything about it on its website or social media accounts.

Facebook told KrebsOnSecurity it seized hundreds of accounts - mainly on Instagram - that have been stolen from legitimate users through a variety of intimidation and harassment tactics, including hacking, coercion, extortion, sextortion, SIM swapping, and swatting. THE MIDDLEMEN. Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales.

Some commercial Nespresso machines in Europe that incorporate a smart card payment system can be manipulated to add unlimited funds to purchase coffee, thanks to reliance on technology that's been known to be insecure for more than a decade. In a coordinated vulnerability disclosure published this week, Polle Vanhoof, a security researcher, describes a vulnerability affecting unspecified Nespresso Pro machines equipped with a smart card reader: the problem? Some rely on outdated Mifare Classic smart cards.

The FBI has discovered that the National Finance Center, a U.S. Department of Agriculture federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw, according to a Reuters report. NFC provides human resources and payroll services to roughly 170 federal agencies and over 650,000 federal employees since 1973.

Here's our latest Naked Security Live talk, where we answer the thorny question, "What if my password manager gets hacked?". We often recommend password managers, as we did last week in our article Cybersecurity tips for university students.

The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products such as NetExtender VPN client version 10.x and Secure Mobile Access that are used to provide users with remote access to internal resources. "Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products," the company exclusively told The Hacker News.

SonicWall is a well-known manufacturer of hardware firewall devices, VPN gateways, and network security solutions whose products are commonly used in SMB/SME and large enterprise organizations. On Friday night, SonicWall released an 'urgent advisory' stating that hackers used a zero-day vulnerability in their Secure Mobile Access VPN device and its NetExtender VPN client in a "Sophisticated" attack on their internal systems.

A hacker is selling a database with login details for two million high-paying users of the MyFreeCams adult video streaming and chat service. The seller says that they obtained the database recently, following a successful SQL injection attack and that it can be used to steal the funds of premium members.

It turns out people are more concerned about being hacked compared to acts of physical violence a la being murdered or mugged, according to a recent Atlas VPN post. Overall, nearly three-quarters of respondents said they worry frequently or occasionally about having their "Personal, credit card, or financial information stolen by computer hackers," while 12% of respondents said they never worry about this scenario.