Security News

The Six Million Dollar Scam: London cops probe Travelex cyber-ransacking amid reports of £m ransomware demand, wide-open VPN server holes
2020-01-08 06:03

More than a week after its website and online services were taken offline by malware, foreign currency super-exchange Travelex continues to battle through what has become an increasingly damaging outage that may have unpatched VPN servers at its heart. While the capital's cops declined to name a specific victim, a spokesperson told us: "On Thursday, 2 January the Met's Cyber Crime Team were contacted with regards to a reported ransomware attack involving a foreign currency exchange. Enquiries into the circumstances are ongoing."

Patch or Perish: VPN Servers Hit by Ransomware Attackers
2020-01-07 12:48

On Saturday, Troy Mursch of Chicago-based threat intelligence firm Bad Packets reported that his internet scans have identified 3,825 Pulse Secure VPN servers that remain at risk because they have not been updated with a patch to fix a critical vulnerability, designated CVE-2019-1150. The patch for Pulse Secure VPN servers - as with critical patches for VPN servers built by Fortinet and Palo Alto that have also required updates to fix serious flaws since last year - has been available for months.

Malware Infects Small Hospital's Medical Imaging Server
2020-01-03 21:33

A breach stemming from malware infecting a medical imaging server at a small, rural New Mexico hospital serves as a reminder of medical equipment data security and privacy vulnerabilities and risks faced by facilities of all sizes. While Roosevelt General says in its statement that the malware infecting a digital imaging server did not affect EHRs, the risk of medical device security incidents also affecting records systems is a growing worry, some experts say.

Top 10 Breaches and Leaky Server Screw Ups of 2019
2019-12-26 14:00

2019 was a banner year for data exposures, with billions of people affected by cloud misconfigurations, hacks and poor security practices in general. Here's the Threatpost Top 10 for data-breach...

Chinese e-commerce site LightInTheBox.com bared 1.3TB of server logs, user data and more
2019-12-16 14:04

Things you don't do with Elasticsearch dbs, number 1: Put them on the web. Exclusive: Infosec researchers have uncovered a data breach affecting 1.3TB of web server log entries held by Chinese...

Server market revenue declines 6.7% year over year
2019-12-10 04:30

Vendor revenue in the worldwide server market declined 6.7% year over year to $22.0 billion during the third quarter of 2019 (3Q19), according to IDC. Worldwide server shipments declined 3.0% year...

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices
2019-12-04 04:48

Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected...

Critical Code Execution Vulnerability Found in GoAhead Web Server
2019-12-03 13:50

Cisco Talos researchers have identified two vulnerabilities in the GoAhead embedded web server, including a critical flaw that can be exploited for remote code execution.

Data on 1.2 Billion Users Found in Exposed Elasticsearch Server
2019-11-25 12:31

An exposed Elasticsearch server was found to contain data on more than 1.2 billion people, Data Viper security researchers report. The server was accessible without authentication and it contained...

Cyberattack Hit 10% of Louisiana's State Government Servers
2019-11-25 09:36

One in ten of Louisiana’s 5,000 computer network servers that power operations across state government were damaged by this week’s cyberattack, a key technology official told lawmakers Friday.