Exploits/Vulnerability

Kiwi Farms breached, user data potentially exposed

Posted: September 20, 2022 by Malwarebytes Labs The operators of a site known to most observers for being in a recent state of flux have announced a forum breach. Kiwi Farms, which gained a reputation for sophisticated trolling and doxxing, was recently dropped by Cloudflare after a sustained campaign to have the DDoS mitigation and cloud hosting service abandon the forum. The […]

Kiwi Farms breached, user data potentially exposed Read More »

American Airlines suffers data breach after phishing incident

Posted: September 20, 2022 by Pieter Arntz Major airline American Airlines has fallen victim to a data breach after a threat actor got access to the email accounts of several employees via a phishing attack. According to a published notice of a security incident, the data breach was discovered in July 2022. How it happened American Airlines said the successful phishing attack led

American Airlines suffers data breach after phishing incident Read More »

School app Seesaw compromised to send shock NSFW image

Posted: September 15, 2022 by Jovi Umawing On Wednesday, parents and teachers reported that student learning platform, Seesaw, had been hacked after some users received an infamous explicit photo known as “goatse” on private chats. Schools from districts in Colorado, Illinois, Kansas, Michigan, New York, Oklahoma, South Dakota, and Texas all experienced similar issues, and began to send out warnings

School app Seesaw compromised to send shock NSFW image Read More »

Uber hacked

Posted: September 16, 2022 by Pieter Arntz Uber informed the public on Thursday it was responding to a cybersecurity incident after somebody breached its network. From what we have been able to find out so far, the attacker managed to compromise an employee’s access to the chat app Slack. The intruder may also have gained access to the

Uber hacked Read More »

Update now! Microsoft patches two zero-days

Posted: September 14, 2022 by Pieter Arntz The Microsoft September 2022 Patch Tuesday includes fixes for two publicly disclosed zero-day vulnerabilities, one of which is known to be actively exploited. Five of the 60+ security vulnerabilities were rated as “Critical”, and 57 as important. Two vulnerabilities qualify as zero-days, with one of them being actively exploited. Zero-days The first zero-day, CVE-2022-37969,

Update now! Microsoft patches two zero-days Read More »

The North Face hit by credential stuffing attack

Posted: September 12, 2022 by Christopher Boyd The North Face clothing brand, which specialises in outdoor and heavy weather outerwear, has experienced a “large-scale” credential stuffing attack. This has resulted in no fewer than 194,905 accounts being compromised. What is credential stuffing, and how did it affect The North Face customers? What is credential stuffing? Credential stuffing is an

The North Face hit by credential stuffing attack Read More »

Your HP Support Assistant needs an update!

Posted: September 8, 2022 by Pieter Arntz HP has issued a new version of its HP Support Assistant tool. Users of HP Support Assistant versions earlier than 9.11 and Fusion versions earlier than 1.38.2601.0 are affected by a high severity vulnerability. According to HP it is possible for an attacker to exploit a dynamic-link library (DLL) hijacking vulnerability and elevate

Your HP Support Assistant needs an update! Read More »