Search Results for “Sergiu Gatlan”


May 28, 2020
Sergiu Gatlan / Bleeping Computer

HackerOne Reaches $100 Million White-Hat Hacker Bug Bounty Payout Milestone

Bug bounty platform HackerOne announced that it has paid out $100,000,000 in rewards to white-hat hackers around the world as of May 26, 2020. Since its first bounty award in 2013, HackerOne bug bounty hunters have found roughly 170,000 security vulnerabilities, according to the company’s CEO Mårten Mickos.

June 1, 2020
Sergiu Gatlan / Bleeping Computer

Amtrak Says Unauthorized Party Gained Access to Its Guest Rewards Accounts, Personal Information May Have Been Viewed

In a data breach notice filed with the Office of the Vermont Attorney General, Amtrak said that “On the evening of April 16, 2020, Amtrak determined that an unknown third party gained unauthorized access to certain Amtrak Guest Rewards accounts.” The U.S. railroad transportation company said it had determined that compromised usernames and passwords were used to access certain accounts and that some personal information may have been viewed. No financial data, credit card info, or Social Security numbers were compromised during this incident. Amtrak said it blocked the unauthorized third party from accessing the compromised Amtrak Guest Rewards accounts within a few hours after detecting suspicious activity.

June 10, 2020
Sergiu Gatlan / Bleeping Computer

Facebook Sues Indian Domain Name Provider for Registering Names That Impersonate Company Apps

In a bid to prevent fraud and malicious use of its company and product names, Facebook filed a lawsuit against 12 domain names that impersonate Facebook apps and were allegedly used for malicious purposes. The domains were registered by Compsys Domain Solutions Private Ltd, an Indian provider of proxy/privacy services. According to the social network’s IP Litigation Director and Associate General Counsel Christen Dubois, Compsys did not respond to any requests to clarify its intent. Among the domains targeted in the lawsuit are facebook-verify-inc.com, instagramhjack.com, and videocall-whatsapp.com.

June 16, 2020
Sergiu Gatlan / Bleeping Computer

Chip Maker MaxLinear Got Hit by Maze Ransomware Last Month, Attackers Leaked Accounting and Financial Information

U.S. system-on-chip (SoC) maker MaxLinear disclosed that some of its computing systems were encrypted by Maze ransomware operators last month, after an initial breach that took place around April 15. MaxLinear provides RF, analog, and mixed-signal integrated circuits for connected home, industrial, and infrastructure applications. MaxLinear says the attack was discovered on May 24. The company has evidence of unauthorized access to its systems from approximately April 15, 2020, until May 24, 2020. The company said it was able to restore some of the systems affected during the attack, and its IT staff is still working on bringing the rest back up. On June 15, the attackers leaked 10.3GB of accounting and financial information out of the over 1TB of data allegedly stolen before encrypting MaxLinear’s systems.

June 22, 2020
Sergiu Gatlan / Bleeping Computer

Hackers Are Exploiting Google Analytics Platform to Steal Credit Card Info in Ongoing Magecart Attacks

Hackers are using Google’s servers and the Google Analytics platform to steal credit card information submitted by customers of online stores. A new method to bypass Content Security Policy (CSP), a security standard used to block the execution of untrusted code on web apps, using the Google Analytics API was disclosed last week by Kaspersky Lab and has already been deployed in ongoing Magecart attacks designed to scrape credit card data from several dozen e-commerce sites. The new technique exploits the fact that e-commerce websites using Google’s web analytics service for tracking visitors are whitelisting Google Analytics domains in their CSP configuration.

Related: Securelist, AndroidRookies, Kaspersky Lab official blog, Tom’s Guide, Security Affairs

Tweets: @e_kaspersky @briankrebs


June 24, 2020
Sergiu Gatlan / Bleeping Computer

Microsoft Says June Windows Security Updates Added New Issue Leading to System Crashes, Reboots

Microsoft acknowledged a new known issue leading to Local Security Authority Subsystem Service (LSASS) critical system process crashes and forced reboots on some Windows 10 devices. LSASS is responsible for enforcing security policy on Windows systems, and it is used by the system to add entries to the security log, as well as to handle user logins, password changes, and access token creation. The bug is noted in the KB articles for updates to Windows 10 version 1809 (KB4561608), version 1903 and version 1909 (KB4560960), and version 2004 (KB4557957). Microsoft also said that the June 16 out-of-band update, which fixed printers that stopped working after installing the Patch Tuesday updates, is affected by the LSASS failure. While official fixes are not available, users who can’t use their devices because of LSASS continuously failing can get rid of the issue by uninstalling the June 2020 cumulative updates.

April 6, 2020
Sergiu Gatlan / Bleeping Computer

Interpol Warns That Cybercriminals Are Looking to Lock Hospitals Out of Critical Systems Using Ransomware Despite COVID-19 Crisis

Interpol warns that cybercriminals are increasingly attempting to lock hospitals out of critical systems by trying to deploy ransomware on their networks despite the ongoing COVID-19 outbreak, even though various ransomware operators claim they will steer clear of healthcare organizations during the crisis. Maze and Ryuk ransomware operators continue to be active in healthcare arenas. At the same time, Russian-speaking threat actors have also attacked two European companies in the pharmaceutical and manufacturing industries in incidents suspected to involve ransomware.

April 16, 2019
Sergiu Gatlan / Bleeping Computer

Actively Exploited Windows Zero-Day Flaw Patched by Microsoft Could Allow Attackers to Take Over Targeted Machines

An actively exploited Windows zero-day vulnerability which was patched by Microsoft as part of the company’s April 2019 Patch Tuesday updates, together with 73 other flaws, could allow attackers to fully take over targeted machines, according to researchers at Kaspersky Lab. “An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” according to Microsoft.

April 12, 2019
Sergiu Gatlan / Bleeping Computer

Popular Free Multimedia Editor VSDC Hacked for Second Time, Visitors Clicking on Site’s Download Links Get Nasty Banking Trojan

The website of free multimedia editor VSDC has been hacked for a second time, with the hackers hijacking “download links on the website causing visitors to download a dangerous banking trojan, Win32.Bolik.2, and the Trojan.PWS.Stealer (KPOT stealer) along with the editing software,” according to researchers at Dr. Web. Last year, Chinese security firm Qihoo 360 Total Security said that malicious actors hacked their way into the administrative side of the site on June 18, July 2, and July 6, switching legitimate links with links that redirected visitors to JavaScript files that dropped the “AZORult Stealer, X-Key Keylogger and the DarkVNC backdoor” on the victims’ computers. A VSDC spokesperson said that the growing popularity of the site has attracted malicious actors and that they have “resorted to an innovative protection algorithm to prevent the attacks of similar nature in the future.”

July 4, 2019
Sergiu Gatlan / Bleeping Computer

Researchers Attribute a Slew of Malicious Malware Campaigns to TA505 Hacking Group, Downloaders and Backdoors Distributed All Over the World

Several malware campaigns are being conducted by the TA505 hacking group, which was behind the Dridex banking trojan and Locky ransomware, with the Gelup downloader and the FlowerPippi backdoor being used to attack targets from the Middle East, Japan, India, the Philippines, and Argentina, according to researchers at Trend Micro. Researchers at Proofpoint also discovered two spam campaigns, likewise attributed to TA505, that are distributing the malware downloader dubbed AndroMut, aimed at recipients from the U.S., Singapore, UAE, and South Korea. In addition, Microsoft Security Intelligence issued an alert about two weeks ago about an active spam campaign that tries to infect Korean targets with the FlawedAmmyy RAT malware distributed via malicious XLS attachments, a campaign that has also been attributed to the TA505 hacking group.

Related: Cyberscoop, Dark Reading: Attacks/Breaches, Proofpoint, TechNadu, CyberSecurity Help s.r.o, SC Magazine, Trend Micro, IT Wire, Appuals.com, ZDNet

Tweets: @dannyjpalmer