Security News
Did Slack send you a password reset link last week? The company has admitted to accidentally exposing the hashed passwords of workspace users. Slack said only 0.5 percent of users were affected, which doesn't sound too terrible until you consider how many Slack users are out there.
Australian software firm Atlassian warned customers to immediately patch a critical vulnerability that provides remote attackers with hardcoded credentials to log into unpatched Confluence Server and Data Center servers. As the company revealed this week, the Questions for Confluence app creates a disabledsystemuser account with a hardcoded password to help admins migrate data from the app to the Confluence Cloud.
Details have emerged on how more than a billion personal records were stolen in China and put up for sale on the dark web, and it all boils down to a unprotected online dashboard that left the data open to anyone who could find it. The data collection included names, addresses, birthplaces, national ID numbers, cellphone numbers, and details of any related police records.
Emails between leading pro-Brexit figures in the UK have seemingly been stolen and leaked online by what could be a Kremlin cyberespionage team. The emails were uploaded to a.co.uk website titled "Very English Coop d'Etat," Reuters first reported this week.
A hacking group used the Conti's leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations. While it is common to hear of ransomware attacks targeting companies and encrypting data, we rarely hear about Russian organizations getting attacked similarly.
Spring released emergency updates to fix the 'Spring4Shell' zero-day remote code execution vulnerability, which leaked prematurely online before a patch was released. Yesterday, an exploit for a zero-day remote code execution vulnerability in the Spring Framework dubbed 'Spring4Shell' was briefly published on GitHub and then removed.
Nestlé, which is to stop selling KitKats and other brands in Russia, says corporate data leaked online this week by Anonymous was not stolen nor all that useful. Nestlé told The Register the data is not real or sensitive, wasn't stolen, and was accidentally leaked by itself via one of its own websites.
BleepingComputer compiled the newly released source code for Version 3 of Conti ransomware without any issues, successfully creating the gang's executables for encrypting and decrypting files. After analyzing the source code, Payload - a Polish magazine about offensive IT security - dismissed Version 3 as being a "Giant step back" from Version 2 in terms of code quality.
A Ukrainian security researcher has leaked newer malware source code from the Conti ransomware operation in revenge for the cybercriminals siding with Russia on the invasion of Ukraine. After the Conti Ransomware operation sided with Russia on the invasion of Ukraine, a Ukrainian researcher named 'Conti Leaks' decided to leak data and source code belonging to the ransomware gang out of revenge.
A Ukrainian security researcher has leaked newer malware source code from the Conti ransomware operation in revenge for the cybercriminals siding with Russia on the invasion of Ukraine. After the Conti Ransomware operation sided with Russia on the invasion of Ukraine, a Ukrainian researcher named 'Conti Leaks' decided to leak data and source code belonging to the ransomware gang out of revenge.