Daily Cyber Brief
2K games confirms hacked data is up for sale, the BidenCash darkweb market gives away 1.2M credit cards for free, and hackers steal at least $100M from Binance bridge...
Cybersecurity
A news bulletin on Iranian state television was hacked as video of the country's supreme leader was broadcast on Saturday, all while protests sparked by the death of a young woman following her arrest continued across the country. The hackers flashed an image of…
Meta Platforms on Friday disclosed that it had identified over 400 malicious apps on Android and iOS that it said targeted online users with the goal of stealing their Facebook login information. "These apps were listed on the Google Play Store and Apple's App Store and…
Multiple campaigns that distributed trojanized and typosquatted packages on the NPM open source repository have been identified as the work of a single threat actor dubbed LofyGang. Checkmarx said it discovered 199 rogue packages totaling thousands of installations, with…
Video game publisher 2K emailed users on Thursday to warn that some of their personal info was stolen and put up for sale online following a September 19 security breach. 2K confirmed on September 20 that its help desk platform was hacked and used by the attackers to target…
WhatsApp parent company Meta is suing three Chinese developers for allegedly tricking users into downloading fake versions of the app that harvested their login details. WhatsApp and Meta are listed as plaintiffs in the case, filed in the US District Court for the Northern…
A dark web carding market named 'BidenCash' has released a massive dump of 1,221,551 credit cards to promote their marketplace, allowing anyone to download them for free to conduct financial fraud. Carding is the trafficking and use of credit cards stolen through…
Malicious adult websites push fake ransomware which, in reality, acts as a wiper that quietly tries to delete almost all of the data on your device. While it is unclear how the threat actors promoted the websites, they all used host names that indicated they were offering nude…
A severe remote code execution vulnerability in Zimbra's enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue. The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of…
The world’s largest cryptocurrency exchange Binance lost at least $100 million in a hack on Thursday, the company disclosed Thursday. According to ’Binance CEO Changpeng Zhao, hackers exploited a vulnerability in BSC Token Hub, a bridge that facilitates the transfer of…
Fortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could potentially allow an attacker to perform unauthorized actions on susceptible devices. Tracked as CVE-2022-40684 (CVSS score: 9.6), the critical…