Security News

Animal Jam, just the latest in a string of attacks on gaming apps, has adopted a transparent communications strategy after stolen data turned up on a criminal forum. The company behind the wildly popular kids' game Animal Jam has announced that hackers stole a menagerie of account records during a breach of a third-party vendor's server in October - more than 46 million of them, in fact.

Bug bounty hunters have hacked routers, network-attached storage devices and smart TVs at the Zero Day Initiative's Pwn2Own Tokyo 2020 hacking competition. Due to the COVID-19 pandemic, the competition has been turned into a virtual event and Pwn2Own Tokyo is actually coordinated by Trend Micro's ZDI from Toronto, Canada, with participants demonstrating their exploits remotely.

Multiple software products from Adobe, Apple, Google, Microsoft, Mozilla, and Samsung were successfully pwned with previously unseen exploits in Tianfu Cup 2020, the third edition of the international cybersecurity contest held in the city of Chengdu, China. "Many mature and hard targets have been pwned on this year's contest," the event organizers said.

Bug bounty hunters hacked a NETGEAR router and a Western Digital network-attached storage device on the first day of the Zero Day Initiative's Pwn2Own Tokyo 2020 hacking competition. On the first day of the event, the NETGEAR Nighthawk R7800 router was targeted by Team Black Coffee, Team Flashback, and teams from cybersecurity firms Starlabs and Trapa Security.

GitHub's CEO has denied that the site's source code was posted to GitHub. News of the supposed leak and posting came from a site called Resynth that linked to a Wayback Machine snapshot of a GitHub repo that purported to be the work of GitHub CEO Nat Friedman and was labelled "This is GitHub.com and GitHub Enterprise."

Precious metal online retailer JM Bullion has disclosed a data breach after their site was hacked to include malicious scripts that stole customers' credit card information. JM Bullion is an online retailer of gold, silver, copper, platinum, and palladium products, including coins and bullion.

Microsoft disclosed today that Iranian state-sponsored hackers successfully hacked into the email accounts of multiple high-profile individuals and potential attendees at this year's Munich Security Conference and the Think 20 summit. "The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help shape global agendas and foreign policies in their respective countries," Tom Burt, Corporate Vice President for Customer Security & Trust at Microsoft said earlier today.

Donald Trump's Twitter password was easily guessed, and he still isn't using multi-factor authentication, claims a Dutch hacker who on Thursday bragged he broke into the President's account last week. Twitter was having none of it, though: the password guessing nor the link posting.

Dutch ethical hacker Victor Gevers claims it only took five attempts to guess the password to President Donald Trump's Twitter account - "Maga2020!". Twitter Safety & 2FA. Twitter said it is dubious about the report.

Over the past two weeks, Sam's Club has started sending automated password reset emails and security notifications to customers who were hacked in credential stuffing attacks. In emails sent out to Sam's Club members, and seen by BleepingComputer, the company is alerting members that an unauthorized party may have gained access to their accounts.