Security News

Note that it's more than just One Safe Internet Day, where you spend 24 hours taking security seriously, only to fall back on bad habits the day after. As the old saying goes, "Cybersecurity is a journey, not a destination," and that's why we have SAFER internet day - it's all about getting BETTER at cybersecurity, no matter how safe you think you are already.

Over the weekend, an extensive disruption to Iran's telecommunication networks knocked out about 25 percent of the country's internet service for several hours, according to NetBlocks, a nonprofit organization that tracks internet freedom across the globe. The disruption, which took place at about 11:45 a.m. local time Saturday, caused an initial outage of cellular and fixed-line services in Iran for nearly an hour, with the country only able to partially recover its full internet service several hours after the incident, NetBlocks says.

Iran repelled a cyberattack on Saturday that disrupted the country's internet services for an hour, a telecommunications ministry official said. "At 11:44 a distributed denial-of-service attack disrupted the internet services of some mobile and fixed operators for an hour," tweeted Sajad Bonabi.

A 29-year-old Russian scumbag has admitted masterminding the Cardplanet underworld marketplace as well as a second forum for elite fraudsters. Aleksei Burkov appeared in a US federal district court in Virginia this week to plead guilty [PDF] to access device fraud, and conspiracy to commit computer intrusion, identity theft, wire and access device fraud, and money laundering.

Five identical Elasticsearch databases containing 250 million records of Microsoft customer support incidents were exposed on the internet for all to see for at least two days right at the end of 2019. What data was published? These are logs of customer service and support interactions between 2005 and now.

ACROS Security's 0patch service on Tuesday released an unofficial fix for CVE-2020-0674, a recently disclosed vulnerability in Internet Explorer that has been exploited in targeted attacks. Microsoft informed customers last Friday that Internet Explorer is affected by a zero-day vulnerability.

Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers. The flaw, which exists in a scripting engine built into Internet Explorer, could be exploited by attackers to remotely execute code of their choosing, Microsoft says.

Microsoft announced on Friday that it's in the process of developing a patch for a zero-day vulnerability in Internet Explorer that has been exploited in targeted attacks, reportedly by a threat group tracked as DarkHotel. According to Microsoft, the vulnerability can be exploited for remote code execution in the context of the targeted user.

Microsoft let slip on Friday an advisory detailing an under-attack zero-day vulnerability for Internet Explorer. In brief... A poorly configured Elasticsearch database left an app's baby photos and videos accessible from the public internet.

A pair of misconfigured cloud-hosted file silos have left thousands of peoples' sensitive info sitting on the open internet. The latest demonstration of this comes from eggheads at VPNmentor, who this week said they found two open AWS S3 buckets, one belonging to a UK consulting firm and another run by an adult webcam host.