Author: ISBuzz Team

Mimecast, an email security provider, has disclosed that a threat actor compromised certificates provided to Microsoft customers to authenticate Microsoft 365 IEP’s, Mimecast Sync and Recover, as well as its Continuity Monitor.

It has been reported that a new trend is emerging among ransomware groups where they prioritize stealing data from workstations used by top executives and managers in order to find information that can be used to blackmail the executives to pressure the company to pay the ransomware.

A new vulnerability in the VPN service SaferVPN is discovered that could allow for local privilege escalation on Windows systems. The researcher mmht3t disovered this vulnerability and briefly exploited as below: When SaferVPN attempts to connect to a VPN server it spawns the OpenVPN executable in the context of NT AUTHORITY\SYSTEM;The VPN then tries to load an openssl.cnf configuration file from a non-existing folder (C:\etc\ssl\openssl.cnf);This will allow a low-privileged users is able to create folders under C:\ on Windows, and it’s possible for them to create the appropriate path and place a crafted openssl.cnf file in it;Once OpenVPN starts in SaferVPN,…

It has been reported that a ransomware attack launched against gaming company Capcom last November keeps getting worse. As per company announcement, personal data of up to 400,000 of its customers was compromised in the cyber attack. The breach was first detected on Nov, 2 and uptill now company has issued three update. Capcom is a Japan-based publisher of blockbuster games like Resident Evil, Street Fighter and Dark Stalkers.

A Chinese data-scraping social media management firm named Socialarks has exposed over 200 million users of Instagram, Facebook, and LinkedIn, as its entire 408 GB of data leaked online. The security incident resulted from an ElasticSearch server misconfiguration, which was set to public access without password protection. The exposed set includes public data as well as private information including phone numbers and email addresses. In detail, the researchers have found the following in the exposed server: 11,651,162 Instagram user profiles, 66,117,839 LinkedIn user profiles, and 81,551,567 Facebook user profiles.

A data breach has been discovered in the United Nations which exposed over 100k of UNEP’s staff records. Researchers with Sakura Samurai, an ethical hacking and research group, discovered the records were accessible through the UN’s Vulnerability Disclosure Program. The data accessible included administrator database credentials, employee ID’s, name’s, travel justifications, start and end dates, as well as their HR demographic data. 

After a challenging 2020, telecommunication companies aim to make 2021 the year of 5G and hope to fully deploy the tech across the U.S. Widespread availability of a 5G network will provide faster connections for a wide range of devices — including Internet of Things (IoT) sensors — and make new technology possible, like edge computing. All this potentially offers big advantages for businesses — but only if they can leverage 5G and know how edge computing may pose new security risks. Practical Applications of Edge Computing With 5G Cloud-connected devices typically don’t have the processing power needed to handle…

Networking equipment and IoT device vendor Ubiquiti Networks has sent out following notification emails to its customers informing them of a recent security breach. “We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider,”  The system in question stores the user profile for ui.com containing names, email addresses, and salted and hashed passwords.

It has been reported that Independent News and Media (INM) is trying to stall a case that is being taken against it and its former chairman, Leslie Buckley, by two members of the so-called INM-19 cohort whose personal data was allegedly hacked at the newspaper publisher. Former INM executives, Karl Brophy and Gavin O’Reilly, who are suing the company and Mr Buckley, are trying to force the company to file a defence to their legal claim over the alleged breach of their data. The two businessmen, who left INM and later set up PR company Red Flag, have sought judgment against INM for not…

Please see the below comment from cybersecurity expert in response to the news that a cyber criminal group has posted what it claims are documents stolen from Hackney Council in a ransomware attack.