Security News

A threat actor has leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free. Cybersecurity intelligence firm Cyble has shared the leaked file with BleepingComputer, and we have confirmed with Ledger owners that the data is accurate.

In a message to The Register, Kumar said that on November 19, 2019, he told SolarWinds "Their update server was accessible with the password 'solarwinds123' which is leaking in the public Github repo. They fixed the issue and replied to me on." Using the exposed account name and password, he was able to upload a file to prove the system was insecure, he said he wrote in his report to SolarWinds, adding that a hacker could use the credentials to upload a malicious executable and add it to a SolarWinds update.

Be careful what you wish for when running a hackathon, because one in Australia turned up a data breach in the trove of sample data offered to hackers. Flight Centre thought it had cleaned that dataset so that design jammers could see year of birth, postcode, gender and booking information, but no personal information.

Cybercriminals have been observed targeting a recently disclosed vulnerability in the GO SMS Pro messaging application to steal user data. Whenever a user attempts to send a media file, Trustwave's SpiderLabs security researchers discovered, the application would generate a URL that can be easily guessed and which does not require authentication to access the shared media.

Biomedical and clinical research company Miltenyi Biotec says that it has fully restored systems after a malware attack that took place last month and affected the firm's global IT infrastructure. "During the last two weeks, there have been isolated cases where order processing was impaired by malware in parts of our global IT infrastructure," Miltenyi Biotec said in an official statement.

A platform used by healthcare workers in the Philippines designed to share data about COVID-19 cases contained multiple flaws that exposed healthcare worker data and could potentially could have leaked patient data. The Citizen Lab's report is the latest example of how the COVID-19 pandemic has spurred a host of security problems for the healthcare sector to deal with - including securing data and ransomware attacks.

The DontTouchTheGreenButton.com website just launched by the Trump campaign in relation to the recently filed Arizona "Rejected votes" lawsuit was discovered to be leaking voter data. The data included the voter name, address, and a unique identifier.

A proxy request may contain the X-Forwarded-For or Via HTTP headers revealing the source device's IP address, and inform the destination that the request is coming from a proxy. Last month, Security researcher and podcast creator David Coomber found out that Applebot had been using a proxy that leaked Apple's internal IP addresses.

The DoppelPaymer ransomware gang has released unencrypted data stolen from Hall County, Georgia, during a cyberattack earlier this month. On October 7th, Hall County in Georgia announced that they had suffered a ransomware attack that impacted their networks and phone systems.

A former BAE Systems software engineer who allegedly leaked top-secret details about a frontline missile system also ignored orders from police to hand over passwords to his electronic devices, a court has heard. Simon Finch, of Swansea, is said by prosecutors to have emailed details of the unidentified missile system to nine separate addresses.