Empire Market
August 24, 2020
•[ ddos, technology ]
The popular dark web site Empire Market has been down for at least 48 hours, with some users suspecting an exit scam and others blaming a prolonged distributed denial-of-service (DDoS) attack.
Freepik
August 21, 2020
•[ hack, sqlinjection, technology ]
Freepik says that hackers were able to steal emails and password hashes for 8.3 million Freepik and Flaticon users in an SQL injection attack against the company's Flaticon website.
Yunrun Big Data Service
August 20, 2020
•[ hack, misconfiguration, technology ]
A group of hackers says they have obtained internal files from three Chinese social media monitoring companies. The victims are Knowlesys, Yunrun Big Data Service, and OneSight.
SnapFulfil
August 20, 2020
•[ ransomware, malware, technology ]
Warehouse management software provider SnapFulfill is hit by ransomware.
RailYatri
August 12, 2020
•[ leak, misconfiguration, technology ]
One of India's most popular travel booking hubs has suffered a significant data breach that led to the loss of over 43GB of data as a result of a Meow bot attack. Preceding the attack, the affected Elastic search server was left publicly exposed for several days.
Kariyer
August 12, 2020
•[ leak, misconfiguration, technology ]
A file containing the information of 50,000 members of Kariyer.net is found on the web by LVKK, the Turkish data protection authority.
ShockGore
August 11, 2020
•[ leak, misconfiguration, technology ]
In August 2020, the website for sharing graphic videos and images of gore and animal cruelty suffered a data breach. The breach exposed 74k unique email addresses alongside usernames, IP addresses, genders and unsalted SHA-1 password hashes. Private messages were also exposed, many containing requests for material of a depraved nature. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".
Jefit
August 11, 2020
•[ hack, misconfiguration, technology ]
In August 2020, the workout tracking app Jefit suffered a data breach. The data was subsequently sold within the hacking community and included over 9 million email and IP addresses, usernames and passwords stored as either vBulletin or argon2 hashes. Several million cracked passwords later appeared in broad circulation.
Defcon
August 9, 2020
•[ hack, misconfiguration, technology ]
The defcon.org forum is attacked with CVE-2019-16759 (targeting vBulletin), three hours after it is disclosed.
Reddit
August 7, 2020
•[ hack, technology ]
Tens of Reddit channels have been hacked and defaced to show messages in support of Donald Trump's reelection campaign.
Telstra
August 2, 2020
•[ hack, ddos, technology ]
Telstra suffers a DDoS attack.
Undisclosed Vietnamese IT corporation
August 1, 2020
•[ ransomware, malware, technology ]
Researchers from Kela reveal that an undisclosed Vietnamese IT corporation was hit with the Maze ransomware exploiting the CVE-2019-11510 vulnerability.
Konica Minolta
July 30, 2020
•[ ransomware, malware, technology ]
Konica Minolta is hit with a RansomEXX ransomware attack.
Promo
July 27, 2020
•[ leak, technology ]
Promo.com, an Israeli-based marketing video creation site, discloses a data breach after a database containing 22 million user records is leaked for free on a hacker forum.
Flood
July 26, 2020
•[ hack, misconfiguration, technology ]
Software testing service Flood.io suffers a breach blamed on OAuth tokens stolen by the attackers from Waydev.
Emotet botnet
July 24, 2020
•[ hack, malware, technology ]
Someone is taking fun at the Emotet botnet and disrupting its operations by hacking into the malware's distribution sites and replacing malicious payloads with memes and GIFs.
CouchSurfing
July 23, 2020
•[ hack, technology ]
CouchSurfing, an online service that lets users find free lodgings, investigates a security breach after hackers began selling the details of 17 million users on Telegram channels and hacking forums.
A telecom company in the Middle East
July 22, 2020
•[ espionage, malware, technology ]
Researchers from Palo Alto Networks discover a series of cyberattacks on a telecom company in the Middle East signaling the return of the OilRig APT. The attacks also revealed a revised backdoor tool in the group's arsenal, called RDAT.
DeepSource
July 21, 2020
•[ social, phishing, technology ]
DeepSource resets the user logins after an employee falls for the Sawfish phishing campaign.
