A China-based cyber campaign dubbed “Nansh0u” has targeted tens of thousands of unsecured Windows MS-SQL and PHPMyAdmin servers worldwide.
News aggregator Flipboard warned that an unauthorized person gained access to subset of user account data and cryptographically protected passwords.
Facebook provided an update to a previously disclosed incident involving insecurely storing “tens of thousands” of Instagram users’ passwords on internal servers in clear text. Facebook now says that “millions” of Instagram accounts are now impacted.
Cisco’s Talos security team has observed ongoing malware distribution campaigns that use a new version of a keylogger and password stealer “HawkEye Reborn v9.”
A newly discovered botnet dubbed Xwo has been scanning the internet for exposed web services and default passwords. The malware was discovered by AT&T’s Alien Labs back in March and is related to malware families MongoLock and Xbash.
Mozilla has released Firefox 66 that includes many new features, such as blocking websites from automatically playing sound. Users can also use the new Firefox to add individual sites to an exceptions list or turn off the blocking feature.
Google has released a new Chrome extension “Password Checkup” that warns users if their account username and passwords are known to be unsafe and leaked as part of past data breaches.
Popular WordPress plugin maker WPML said their website was hacked over the weekend and led to the loss of customer data. The culprit was an ex-employee who exploited a backdoor planted on an unsecured web server.
A massive data breach dubbed “Collection #1” exposed nearly 800 million email addresses and millions of passwords. Security expert Troy Hunt was alerted of the leaked data made available for free download from popular MEGA cloud storage service. The data consisted of over 12,000 separate files and more than 87GB of data.
Cisco issued a critical security update that fixes a default password vulnerability (CVE-2018-15427) in its Video Surveillance Manager software.