Windows utility developer IObit was hacked over the weekend in a widespread attack that distributed the strange DeroHE ransomware to its forum members.
IObit is a software developer known for Windows system optimization and anti-malware programs, such as Advanced SystemCare.
Over the weekend, IObit forum members began receiving emails claiming to be from IObit stating that they are entitled to a free 1-year license to their software as a special perk of being a forum member.
The OpenWRT forum, a large community of enthusiasts of alternative, open-source operating systems for routers, announced a data breach.
Forum administrators posted the announcement in a high-visibility area, explaining what happened and the risks to users stemming from exposing their data.
Good password not enough
The attack occurred on Saturday, around 04:00 (GMT), when an unauthorized third party gained admin access and copied a list with details about forum users and related statistical information.
The intruder used the account of an OpenWRT administrator. Although the account had “a good password,” additional security provided by two-factor authentication (2FA) was not active.
Email addresses and handles of the forum users have been stolen, the moderators say. They add that they believe the attacker was not able to download the forum database, meaning that passwords should be safe.
However, they reset all the passwords on the forum just to be on the safe side and invalidated all the API keys used for project development processes.
Users have to set the new password manually from the login menu by providing their user name and following the “get a new password” instructions. Those logging in using GitHub credentials are advised to reset or refresh them.
Signal users are currently experiencing issues around the world, with users unable to send and receive messages. When attempting to send messages via Signal, users are seeing a loading screen and the error message “502”.
According to DownDetector and user reports, Signal is currently experiencing an outage in the U.S., Europe, and other parts of the world. The problem was first reported at 10:09 AM EST.
For now, Signal users will have to wait until the company has resolved the issue.
The European Medicines Agency (EMA) today revealed that some of the stolen Pfizer/BioNTech vaccine candidate data was doctored by threat actors before being leaked online with the end goal of undermining the public’s trust in COVID-19 vaccines.
EMA is the decentralized agency that reviews and approves COVID-19 vaccines in the European Union, and the agency that evaluates, monitors, and supervises any new medicines introduced to the EU.
The ongoing investigation of the cyberattack on EMA revealed that some of the unlawfully accessed documents related to COVID-19 medicines and vaccines have been leaked on the internet, the agency disclosed today.
This included internal/confidential email correspondence dating from November, relating to evaluation processes for COVID-19 vaccines.
Some of the correspondence has been manipulated by the perpetrators prior to publication in a way which could undermine trust in vaccines.
EMA revealed in a previous update, on Tuesday, that the COVID-19 vaccine data stolen in December was leaked online.
Threat actors are hacking verified Twitter accounts in an Elon Musk cryptocurrency giveaway scam that has recently become widely active.
There is nothing new about cryptocurrency scams on Twitter, especially ones pretending to be giveaways from Elon Musk. In 2018, scammers raked in $180,000 using a successful Elon Musk giveaway scam promoted on Twitter.
Over the past week, security researcher MalwareHunterTeam has seen an uptick in verified Twitter accounts hacked in a scam promoting another fake Elon Musk cryptocurrency giveaway.
Facebook has taken legal action against the makers of malicious Chrome extensions used for scraping user profiles and other information from Facebook’s website and from users’ systems without authorization.
The two defendants developed and distributed the malicious browser extensions through the Chrome Web Store working under the “Oink and Stuff” business name.
Four of their extensions — Web for Instagram plus DM, Blue Messenger, Emoji keyboard, and Green Messenger — were malicious and contained hidden computer code that functioned like spyware.
The four extensions are still available for download in Google’s Chrome Web Store and they currently have more than 54,000 users.
The US National Security Agency (NSA) says that companies should avoid using third-party DNS resolvers to block threat actors’ DNS traffic eavesdropping and manipulation attempts and to block access to internal network information.
NSA’s recommendation was made in a new advisory on the benefits (and risks) of using DNS over HTTPS (DoH) in enterprise environments. DoH is an encrypted domain name system (DNS) protocol that blocks unauthorized access to the DNS traffic between clients and DNS resolvers.
NSA recommends that an enterprise network’s DNS traffic, encrypted or not, be sent only to the designated enterprise DNS resolver, the US intelligence agency said.