Security
Headlines
HeadlinesLatestCVEs

Headline

Biggest DDoS Attack in History Hits Russian Tech Giant Yandex

Plus: A TrickBot hacker arrest, a Fortinet VPN password leak, and more of the week’s top security news.

Wired
#Security#Security / Security News#Security Roundup

Related news

The US Puts a $10M Bounty on DarkSide Ransomware Hackers

Plus: a “Trojan Source” bug, Russian hackers exposed, and more of the week's top security news.

Google details cookie stealer malware campaign targeting YouTubers

By Waqas Google attributed the malware campaign to a group of attackers recruited via a Russian-language hacker forum. This is a post from HackRead.com Read the original post: Google details cookie stealer malware campaign targeting YouTubers

A Telegram Bot Told Iranian Hackers When They Got a Hit

APT35 may not be the most dangerous group out there, but they've got a new phishing trick.

30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware

The previously unknown SnapMC group exploits unpatched VPNs and webserver apps to breach systems and carry out quick-hit extortion in less time than it takes to order a pizza.

Someone Hacked a US Warship Facebook Account to Stream Games

Plus: Twitch hack fallout, Russian phishing, and more of the week’s top security news.

75K Email Inboxes Hit in New Credential Phishing Campaign

Attacker used a legitimate — but likely deprecated — domain to sneak malicious emails past security filters, vendor says.

Credential Spear-Phishing Uses Spoofed Zix Encrypted Email

The spoofed email has targeted close to 75K inboxes, slipping past spam and security controls across Office 365, Google Workspace, Exchange, Cisco ESA and more.

Microsoft Warns of 'FoggyWeb' Malware Targeting AD FS Servers

The group tracked as Nobelium uses multiple tactics to steal credentials with the goal of gaining admin access to Active Directory Federation Services.

CVE-2020-20508: Login hijacking in register · Issue #223 · samnabi/shopkit

Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field.

Groove Ransomware Gang Tries New Tactic to Attract Affiliates

The threat group, which leaked some 500,000 credentials for Fortinet SSL VPN devices, views ransomware as just one way to profit from compromised networks, experts say.