Have I Been Pwned included a search for data leaked from Facebook by phone number

Last weekend, the data of 533 313 128 Facebook users were published on the darknet, and now Have I Been Pwned has included a search for data leaked from Facebook by phone number. The dump includes phone numbers, names, Facebook IDs, email addresses, location information, gender, date of birth, work, and other data that social network profiles may have contained. This leak differed from others in that it contained not only data from public profiles, but also the phone numbers associated with these accounts. According to information security experts, back in 2019, cybercriminals exploited a...

Cybersecurity news: March 2021

While the whole world was summarizing the past year under the pandemic, the cybersecurity world showed an unusual calmness. After the roaring 2020, which was a real trial for the developers of security tools, January looked like a normal continuation. But in February a lot of things changed: several big groups of malware distributors were busted, so ransomware distribution became very slack. These events had a great influence on the further spreading of all malware. So, it is nothing extraordinary that there were only 3 things from the cybersecurity world in March I want to tell you about...

VMware fixed vulnerabilities in Carbon Black Cloud Workload and vROps

VMware has patched several major vulnerabilities in the Carbon Black Cloud Workload and VMware vRealize Operations (vROps). The vulnerability in Carbon Black Cloud Workload was identified as CVE-2021-21982 and scored 9.1 out of 10 on the CVSS v3 scale. The bug was discovered by Yegor Dimitrenko from Positive Technologies and is associated with the administrative interface. It allows attackers to bypass authentication by manipulating the URL in the interface. Thus, an attacker could exploit the error to execute arbitrary code on the server. Dimitrenko also identified two vulnerabilities in VMware...

Miners abuse GitHub infrastructure

Dutch cyber security specialist Justin Perdok discovered that miners (at least one) can abuse the CI/CD function of GitHub Actions to force the company’s servers to mine cryptocurrency. It seems that such attacks do not harm user projects in any way, but they create a huge load on the GitHub infrastructure. Perdok was not the first to notice such attacks, he only drew attention to the problem: they were first discovered by a French researcher known as Tib, who wrote that the attacks began in November 2020 and continue to this day. Perdok says that everything is based on creating a...

Fake jQuery Migrate plugin infected many WordPress sites

Researchers Denis Sinegubko and Adrian Stoyan have found fake versions of jQuery files on dozens of sites that mimic the jQuery Migrate plugin for WordPress running on 7.2 million sites. Such forgeries contain obfuscated code to download malware, and it is not yet clear how these scripts end up on the pages of compromised resources. To make detection more difficult, these malicious files replace legitimate files at ./wp-includes/js/jquery/, where WordPress usually stores jQuery files. So, the files jquery-migrate.js and jquery-migrate.min.js contain obfuscated code that additionally loads a...

North Korean hackers attack IS specialists again

In January 2021, Google experts warned that North Korean hackers were attacking IS specialists engaged in vulnerability research. The attackers used social engineering on specialists, tried to gain their trust, and eventually lure them to malicious sites and infect their systems with malware. Now Google writes that these attacks have resumed: the website of the fake information security firm SecuriElite was discovered, as well as its Twitter and LinkedIn accounts, which were created by the same hacker group. Allegedly, the firm is located in Turkey and is engaged in pentests, software security assessments and...

The Ubiquiti Hack Was More Disastrous Than Reported

A KrebsOnSecurity source claims that the January 2021 hack of major cloud IoT device vendor Ubiquiti was more disastrous than officially reported. As a reminder, Ubiquiti reported earlier this year that a third-party cloud service provider had been hacked, resulting in the theft of customer credentials. However, the KrebsOnSecurity source said that Ubiquiti grossly downplayed the “catastrophic” incident in order to minimize the impact on its share price, and the third-party cloud service provider’s claim was fabricated. The company became aware of “unauthorized access to certain IT...

Ziggy ransomware operator returns money to victims

Bleeping Computer drew attention to an interesting situation around the ransomware Ziggy, which closed down last month: its operator returns money to victims of the malware. Ziggy ceased operations in February 2021. Then, in a short announcement, the author of the ransomware said that he was “upset” because of what he had done and promised to publish the decryption keys in the public domain. The SQL file with 922 keys was actually made public the very next day. Last week, the Ziggy operator announced he wants to return the money to the victims who had previously paid the ransom. Now, after a...