Clubhouse denies it was ‘breached’ and says the data is out there for anyone to grab.
Clubhouse, the startup invitation-only chat app, is the latest social-media platform to see mammoth troves of user data collected and posted in underground forums. An SQL file containing the personal data of 1.3 million Clubhouse users has been posted in a hacker forum for free.
Names, user IDs, photo URL, number of followers, Twitter and Instagram handles, dates that accounts were created and even the profile information of who invited them to the app are among the information contained in the database, according to CyberNews, giving threat actors key information which can be used against victims in phishing and other socially engineered scams.
minute read
Share this article:
An estimated 32 million, of the half-billion of Facebook account details posted online, were tied to US-based accounts.
More than 533 million Facebook users had their personal information posted to a public hacker forum, a move that is raising concerns about an uptick in cybercrime leveraging the credentials.
The publicly released Facebook user data is believed to be part of a 2019 “Add Friend” Facebook security bug exploited by hackers at the time. The flaw allowed criminals to siphon hundreds of millions of member account details from Facebook and sell them to the highest bidder on illicit online markets.
minute read
Share this article:
Aamir Lakhani, cybersecurity researcher for Fortinet’s FortiGuard Labs, discusses criminals flocking to web server and browser attacks, and what to do about it.
Smart cybercriminals are going after web servers and browsers, more so than after individuals. Unfortunately, these types of attacks often go ignored, as they’re harder to test for (in terms of pen-testing).
With much of the world now working remotely, this threat has intensified. Attackers use email, instant messages, SMS messages and links on social networking to trick at-home workers into installing malware that leads to identity theft, loss of property and, possibly, entry into the corporate network. Phishing attacks may lead users to fake sites or landing pages, with the same intent.
Researchers said the FoundCore malware represents a big step forward when it comes to evasion.
An advanced cyberespionage campaign targeting government and military entities in Vietnam has been discovered that delivered a remote-access tool (RAT) for carrying out espionage operations, researchers said.
Further analysis suggested that this campaign was conducted by a group related to a Chinese-speaking advanced persistent threat (APT) known as Cycldek (a.k.a. Goblin Panda, APT 27 and Conimes), according to Kaspersky researchers, who added that the group has been active since at least 2013.
The malware used in the campaign, dubbed FoundCore, allows attackers to conduct filesystem manipulation, process manipulation, screenshot captures and arbitrary command execution.
minute read
Share this article:
The researcher is offering details on CVE-2020-9922, which can be triggered just by sending a target an email with two .ZIP files attached.
A zero-click security vulnerability in Apple’s macOS Mail would allow a cyberattacker to add or modify any arbitrary file inside Mail’s sandbox environment, leading to a range of attack types.
According to Mikko Kenttälä, founder and CEO of SensorFu, exploitation of the bug could lead to unauthorized disclosure of sensitive information to a third party; the ability to modify a victim’s Mail configuration, including mail redirects which enables takeover of victim’s other accounts via password resets; and the ability to change the victim’s configuration so that the attack can propagate to correspondents in a worm-like fashion.