Security News

Thousands of unpatched VMware ESXi servers hit by ransomware via old bugLate last week, unknown attackers launched a widespread ransomware attack hitting VMware ESXi hypervisors via CVE-2021-21974, an easily exploitable vulnerability that allows them to run exploit code remotely, without prior authentication. Reddit breached: Internal docs, dashboards, systems accessedPopular social news website and forum Reddit has been breached and the attacker "Gained access to some internal docs, code, as well as some internal dashboards and business systems," but apparently not to primary production systems and user data.

Popular social media site Reddit - "Orange Usenet with ads", as we've somewhat ungraciously heard it described - is the latest well-known web property to suffer a data breach in which its own source code was stolen. Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack.

Popular social news website and forum Reddit has been breached and the attacker "Gained access to some internal docs, code, as well as some internal dashboards and business systems," but apparently not to primary production systems and user data."Exposure included limited contact information for company contacts and employees, as well as limited advertiser information. Based on several days of initial investigation by security, engineering, and data science, we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit's information has been published or distributed online," said Reddit CTO Christopher Slowe, who goes online by the handle "KeyserSosa".

Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems. The company blamed it on a "Sophisticated and highly-targeted phishing attack" that took place on February 5, 2023, targeting its employees.

Colourful web forum Reddit has revealed it has suffered a security breach. Here's what we know Reddit's founding engineer and CTO "KeyserSosa" - aka Christopher Slowe - explained that late on February 5th "We became aware of a sophisticated phishing campaign that targeted Reddit employees."

Reddit suffered a cyberattack Sunday evening, allowing hackers to access internal business systems and steal internal documents and source code. The company says the hackers used a phishing lure targeting Reddit employees with a landing page impersonating its intranet site.

China's internet regulator, the Cyberspace Administration of China, has taken unusually strong action against a social network that has long been considered a thorn in the side of the nation's elites. In the years since its 2005 founding, the site has become known for attracting users who express opinions that China's government may well find displeasing.

While an investigation is ongoing as to what the reason behind the outage might be, Fastly CDN has been seen as the common link. Many of the impacted websites on the list rely on Fastly CDN to serve content, as noted by BleepingComputer.

Reddit this week announced the launch of a public bug bounty program on the vulnerability hunting platform HackerOne. Following a three-year private bug bounty program on HackerOne, which has resulted in over $140,000 being awarded in bug bounties for 300 vulnerability reports focusing on reddit.com, the program is going public with an expanded scope.

Social news community site Reddit announced on Monday that it has hired Allison Miller as Chief Information Security Officer and VP of Trust. Miller joins Reddit from Bank of America where she most recently served as SVP Technology Strategy & Design, and had been overseeing technology design and engineering delivery for the bank's information security organization.