Daily Cyber Brief
A HackerOne employee was selling bug reports on the side, the Raspberry Robin worm was found in hundreds of Windows networks, and the OpenSea marketplace faced an insider threat...

Cybersecurity
The Cybersecurity and Infrastructure Security Agency on Friday said that federal civilian executive branch agencies must apply remediations for a security bug affecting Microsoft devices by July 22. The vulnerability, tracked as CVE-2022-26925, was temporarily removed…
A HackerOne employee stole vulnerability reports submitted through the bug bounty platform and disclosed them to affected customers to claim financial rewards. The rogue worker had contacted about half a dozen HackerOne customers and collected bounties “in a handful of…
Threat actors are hacking verified Twitter accounts to send fake but well-written suspension messages that attempt to steal other verified users' credentials. Twitter verifies accounts if they are considered notable influencers, celebrities, politicians, journalists, activists, and…
Following heightened worries that U.S. users' data had been accessed by TikTok engineers in China between September 2021 and January 2022, the company sought to reassure U.S. lawmakers that it's taking steps to "strengthen data security." The admission that some…
The hacktivist group DragonForce Malaysia has released an exploit that allows Windows Server local privilege escalation (LPE) to grant access to local distribution router (LDR) capabilities. It also announced that it's adding ransomware attacks to its arsenal…
Publishing giant Macmillan is in the process of recovering from a ransomware attack that has left it unable to process orders electronically. No ransomware group has come forward to claim the attack, but employees of the company initially took to Twitter to discuss the…
Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors. The malware, dubbed Raspberry Robin, spreads via infected USB devices, and it was first spotted in September 2021 by…
OpenSea, the largest nonfungible token (NFT) marketplace, this week announced that an employee of one of its email vendors, Customer.io, accessed and downloaded the company's email list. It added that anyone who has ever shared their email address with the platform…
The State Department announced on Thursday that it is offering up to $10 million for tips about foreign interference in U.S. elections, including illegal cyber activities. The cash, offered through the department’s Rewards for Justice program, would be for any information…