Networking Equipment Vendor Belden Disclose Data Breach
American networking equipment vendor Belden announced that it has taken decisive measures to investigate and address a data incident involving unauthorized access and copying of some current and former employee data, as well as limited company information regarding some business partners. Belden IT professionals recently detected...
Bijay Pokharel,
November 27, 2020
1 min read
Canon Publicly Acknowledge August Ransomware Attack
Canon has confirmed that the cyberattack suffered in early August was caused by ransomware and that the hackers stole data from company servers. “We identified a security incident involving ransomware on August 4, 2020. We immediately began to investigate, a cybersecurity firm was engaged, and...
Bijay Pokharel,
November 27, 2020
1 min read
Sophos Warns Affected Customers After Security Breach
UK cyber security and hardware company Sophos has notified customers that data has potentially been leaked online due to a misconfigured database. The exposed customer data was accessible to unauthorized parties due to a misconfigured “tool” used by the company to store information by users who reached out to...
Bijay Pokharel,
November 26, 2020
1 min read
South Korean Watchdog Fines Facebook $6.1 Million For Sharing User Info Without Consent
A South Korean agency for protecting personal information on Wednesday fined$6.06 million and sought a criminal investigation for providing users’ personal information to other operators without consent, Reuters reports The country’s Personal Information Protection Commission, launched in August this year, said in a statement it...
Bijay Pokharel,
November 26, 2020
1 min read
2FA Bypass Flaw Could Affect Over 70 Million Sites
Digital Defense, Inc., a leader in vulnerability and threat management solutions, announced that its Vulnerability Research Team (VRT) uncovered a previously undisclosed vulnerability affecting the cPanel & WebHost Manager (WHM) web hosting platform. cPanel & WHM version 11.90.0.5 (90.0 Build 5) exhibits a two-factor authentication bypass flaw, vulnerable...
Bijay Pokharel,
November 25, 2020
1 min read
NCSC: Multiple Actors Are Attempting To Exploit MobileIron Vulnerability CVE 2020-15505
The UK National Cyber Security Centre (NCSC) issued an alert prompting all organizations to patch the critical CVE-2020-15505 remote code execution (RCE) vulnerability in MobileIron mobile device management (MDM) systems. MobileIron remote code execution vulnerability is a target for APT nation state groups and cyber criminals to...
Bijay Pokharel,
November 25, 2020
1 min read
What Is A Dictionary Attack ? Here’s How Can You Can Prevent It
A dictionary attack is based on trying all the strings in a pre-arranged listing. Such attacks originally used words one would find in a dictionary. However, now there are much larger lists available on the open Internet that contain hundreds of millions of passwords recovered...
Bijay Pokharel,
November 25, 2020
4 min read
Over 300K Spotify Accounts Hacked In Credential Stuffing Attack
VPNMentor’s research team has discovered a possible credential stuffing operation whose origins are unknown, but that affected some online users who also have Spotify accounts. Credential stuffing is a hacking technique that takes advantage of weak passwords that consumers use — and often re-use — online....
Bijay Pokharel,
November 24, 2020
2 min read
TikTok Patches Reflected XSS Bug, One-Click Account Takeover Exploit
TikTok has patched a reflected XSS security flaw and a bug leading to account takeover impacting the firm’s web domain. Reported via the bug bounty platform HackerOne by researcher Muhammed “milly” Taskiran, the first vulnerability relates to a URL parameter on the tiktok.com domain which was not...
Bijay Pokharel,
November 23, 2020
1 min read
Manchester United Football Club Discloses Cyber Security Breach
European football club Manchester United disclosed on late Friday a cyber-security incident that impacted its internal systems. The football club said it’s still investigating the incident and couldn’t say if the breach allowed the intruders to access data associated with fans or store customers. While...
Bijay Pokharel,
November 22, 2020
1 min read
Top 4 Best Anonymous Email Providers
There are many email providers that offer secure email services. However, not all of them shield your identity. Some will only encrypt the content of your emails, so be sure to check whether it hides your IP address, whether it asks for your personal information...
Bijay Pokharel,
November 18, 2020
4 min read
Microsoft : Cybercriminals Are Targeting Covid-19 Vaccine Makers
Microsoft has detected cyberattacks from three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for Covid-19. The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea and the United States. The attacks came from Strontium,...
Bijay Pokharel,
November 14, 2020
1 min read
Stock Photo Site 123RF Has Suffered A Massive Data Breach | 8.3 Million User Records Exposed !
Popular stock photo site 123RF has suffered a massive data breach. Cybercriminal began selling database containing 8.3 million user records on a Darkweb. The stolen data includes a 123RF members’ full name, email address, MD5 hashed passwords, company name, phone number, address, PayPal email if...
Bijay Pokharel,
November 13, 2020
1 min read
Ransomware Group Turns To Facebook Ads
A ransomware group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up, krebsonsecurity reports. On the evening of Monday, Nov. 9, an ad campaign apparently taken out by the Ragnar Locker Team began appearing on Facebook. The ad was designed to...
Bijay Pokharel,
November 11, 2020
3 min read
5.8 Million RedDoorz User Records For Sale On Dark Web
Singapore-based hotel management & booking platform Reddoorz suffers a massive data breach. A hacker is selling a RedDoorz database containing 5.8 million user records on a dark web. As part of the sale, the threat actor shared a database sample, including the table structure and...
Bijay Pokharel,
November 10, 2020
1 min read
Critical Bugs Found On ‘Ultimate Member’ Plugin | UPDATE IMMEDIATELY !
Wordfence’s Threat Intelligence team disclosed several vulnerabilities in Ultimate Member, a WordPress plugin installed on over 100,000 sites. These flaws made it possible for attackers to escalate their privileges to those of an administrator and take over a WordPress site. Ultimate Member is an extensible WordPress...
Bijay Pokharel,
November 10, 2020
4 min read
The EU May Be Looking Into Breaking End-To-End Encrypted Chats
In the EU Council of Ministers, a resolution was made ready within five days, obliging platform operators such as WhatsApp, Signal and Co. to create master keys for monitoring E2E-encrypted chats and messages, the ORF (Austrian Broadcasting Corporation) reports. The ORF obtained an internal draft in which...
Bijay Pokharel,
November 10, 2020
3 min read
Hosting Provider Exposed 63 Million Customer Records
A hosting provider exposed over 63 million customer records via an open elastic search database containing verbose logs with plain-text username/password credentials for numerous WordPress, Magento and other sites, securethoughts reports. The database appeared to belong to the Texas-based cloud application hosting provider, Cloud Clusters...
Bijay Pokharel,
November 9, 2020
2 min read
FBI : Cyber-Criminals Target Misconfigured SonarQube Instances to Access Proprietary Source Code of US Government Agencies and Businesses
Since April 2020, unidentified cyber actors have actively targeted vulnerable SonarQube instances to access source code repositories of US government agencies and private businesses, the FBI said in an alert sent out last month and made public this week on its website. The actors exploit known configuration...
Bijay Pokharel,
November 7, 2020
1 min read
Cyber-Criminal is Selling 34 Million User Records Stolen From 17 Companies
A hacker is selling account databases containing an aggregate total of 34 million user records that they claim were stolen from seventeen companies during data breaches, according to Bleepingcomputer. On October 28th, a data breach broker created a new topic on a hacker forum to...
Bijay Pokharel,
November 1, 2020
2 min read





