Security News

Researchers have disclosed the details of a new speculative execution attack affecting many Intel processors, and they say this is the first vulnerability of this kind that allows hackers to obtain sensitive information across the cores of a CPU. The vulnerability was discovered by a team of researchers from Vrije Universiteit Amsterdam in the Netherlands and ETH Zurich in Switzerland. They initially reported their findings to Intel in September 2018 and nearly one year later they informed the tech giant about the possibility of cross-core leaks.

The cybercriminals behind the recent attack on Elexon, which manages the electricity market in the United Kingdom, have started leaking data allegedly stolen from the company. Elexon revealed in mid-May that its IT systems were targeted in a cyberattack, but it did not provide any additional details.

Japan is investigating a possible leak of data including details of a prototype missile in a massive cyberattack earlier this year on Mitsubishi Electric Corp., officials said Wednesday. The suspected leak involves sensitive information about a prototype of a cutting-edge high speed gliding missile intended for deployment for the defense of Japan's remote islands amid China's military assertiveness in the region.

Last week we had the story of miscreants stealing a massive trove of data from the computers of an American law firm representing a galaxy of showbiz stars. Red teams rejoice! Microsoft has released an offensive security tool called Stormspotter that identifies potential weaknesses in an organization's Azure deployments - which a miscreant could exploit to gain access to data or drill further into a network.

Last week we had the story of miscreants stealing a massive trove of data from the computers of an American law firm representing a galaxy of showbiz stars. Red teams rejoice! Microsoft has released an offensive security tool called Stormspotter that identifies potential weaknesses in an organization's Azure deployments - which a miscreant could exploit to gain access to data or drill further into a network.

Comparitech security researchers have discovered that thousands of Android applications distributed through Google Play leak sensitive information due to Firebase misconfigurations. Overall, 4.8% of all mobile apps using Firebase are believed to be leaking personal information, access tokens, and other types of data.

With so many people working from home, it should come as no surprise that WebEx accounts have become a target for phishing. A stolen account would let an attacker potentially spy on company meetings and social engineer further accounts and data thefts.

DigitalOcean, one of the biggest modern web hosting platforms, recently hit with a concerning data leak incident that exposed some of its customers' data to unknown and unauthorized third parties. According to the breach notification email that affected customers [1, 2] received, the data leak happened due to negligence where DigitalOcean 'unintentionally' left an internal document accessible to the Internet without requiring any password.

DigitalOcean, one of the biggest modern web hosting platforms, recently hit with a concerning data leak incident that exposed some of its customers' data to unknown and unauthorized third parties. According to the breach notification email that affected customers [1, 2] received, the data leak happened due to negligence where DigitalOcean 'unintentionally' left an internal document accessible to the Internet without requiring any password.

Adult live-streaming site CAM4 has spilt millions of users' private chats, emails, names, email addresses, sexual preferences, password hashes, IP addresses and more. A streaming site for amateurs to watch live, explicit performances, it offers customers the ability to buy virtual tokens if they want to tip performers or watch private shows.