Security News

CrossTalk: First Speculative Execution Attack Allowing Data Leaks Across Intel CPU Cores
2020-06-10 11:53

Researchers have disclosed the details of a new speculative execution attack affecting many Intel processors, and they say this is the first vulnerability of this kind that allows hackers to obtain sensitive information across the cores of a CPU. The vulnerability was discovered by a team of researchers from Vrije Universiteit Amsterdam in the Netherlands and ETH Zurich in Switzerland. They initially reported their findings to Intel in September 2018 and nearly one year later they informed the tech giant about the possibility of cross-core leaks.

Hackers Leak Data Stolen From UK Electricity Market Administrator Elexon
2020-06-02 08:32

The cybercriminals behind the recent attack on Elexon, which manages the electricity market in the United Kingdom, have started leaking data allegedly stolen from the company. Elexon revealed in mid-May that its IT systems were targeted in a cyberattack, but it did not provide any additional details.

Japan Suspects Missile Data Leak in Mitsubishi Cyberattack
2020-05-20 14:22

Japan is investigating a possible leak of data including details of a prototype missile in a massive cyberattack earlier this year on Mitsubishi Electric Corp., officials said Wednesday. The suspected leak involves sensitive information about a prototype of a cutting-edge high speed gliding missile intended for deployment for the defense of Japan's remote islands amid China's military assertiveness in the region.

I know what you leased last summer: Asset database leak hits Capita, Rolls-Royce, Tesco (every little helps, eh?)
2020-05-18 07:58

Last week we had the story of miscreants stealing a massive trove of data from the computers of an American law firm representing a galaxy of showbiz stars. Red teams rejoice! Microsoft has released an offensive security tool called Stormspotter that identifies potential weaknesses in an organization's Azure deployments - which a miscreant could exploit to gain access to data or drill further into a network.

I know what you leased last summer: Asset database leak hits Capita, Rolls-Royce, Tesco (every little helps, eh?)
2020-05-18 07:58

Last week we had the story of miscreants stealing a massive trove of data from the computers of an American law firm representing a galaxy of showbiz stars. Red teams rejoice! Microsoft has released an offensive security tool called Stormspotter that identifies potential weaknesses in an organization's Azure deployments - which a miscreant could exploit to gain access to data or drill further into a network.

Thousands of Android Apps Leak Data Due to Firebase Misconfigurations
2020-05-13 08:31

Comparitech security researchers have discovered that thousands of Android applications distributed through Google Play leak sensitive information due to Firebase misconfigurations. Overall, 4.8% of all mobile apps using Firebase are believed to be leaking personal information, access tokens, and other types of data.

Mama mia! Nintendo in need of a plumber after leak sprays N64, GameCube, Wii code
2020-05-11 11:43

With so many people working from home, it should come as no surprise that WebEx accounts have become a target for phishing. A stolen account would let an attacker potentially spy on company meetings and social engineer further accounts and data thefts.

DigitalOcean Data Leak Incident Exposed Some of Its Customers Data
2020-05-08 15:03

DigitalOcean, one of the biggest modern web hosting platforms, recently hit with a concerning data leak incident that exposed some of its customers' data to unknown and unauthorized third parties. According to the breach notification email that affected customers [1, 2] received, the data leak happened due to negligence where DigitalOcean 'unintentionally' left an internal document accessible to the Internet without requiring any password.

DigitalOcean Data Leak Incident Exposed Some of Its Customers Data
2020-05-08 15:03

DigitalOcean, one of the biggest modern web hosting platforms, recently hit with a concerning data leak incident that exposed some of its customers' data to unknown and unauthorized third parties. According to the breach notification email that affected customers [1, 2] received, the data leak happened due to negligence where DigitalOcean 'unintentionally' left an internal document accessible to the Internet without requiring any password.

Adult live-streaming site CAM4 leaks millions of emails, private chats
2020-05-06 10:59

Adult live-streaming site CAM4 has spilt millions of users' private chats, emails, names, email addresses, sexual preferences, password hashes, IP addresses and more. A streaming site for amateurs to watch live, explicit performances, it offers customers the ability to buy virtual tokens if they want to tip performers or watch private shows.