Bugs in gym management software let hackers wipe fitness history

Security researchers found vulnerabilities in the Wodify fitness platform that allows an attacker to view and modify user workouts from any of the more than 5,000 gyms that use the solution worldwide. [...]

https://www.bleepingcomputer.com/news/security/bugs-in-gym-management-software-let-hackers-wipe-fitness-history/

SynAck ransomware releases decryption keys after El_Cometa rebrand

The SynAck ransomware gang released the master decryption keys for their operation after rebranding as the new El_Cometa group. [...]

https://www.bleepingcomputer.com/news/security/synack-ransomware-releases-decryption-keys-after-el-cometa-rebrand/

Microsoft Teams will alert users of incoming spam calls

Microsoft is working on adding a spam call notification feature to the Microsoft 365 Teams collaboration platform. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-will-alert-users-of-incoming-spam-calls/

Windows 365 exposes Microsoft Azure credentials in plaintext

A security researcher has figured out a way to dump a user's unencrypted plaintext Microsoft Azure credentials from Microsoft's new Windows 365 Cloud PC service using Mimikatz. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-365-exposes-microsoft-azure-credentials-in-plaintext/

Emails from Lithuanian Ministry of Foreign Affairs for sale on data-trading forum

The Lithuanian Ministry of Foreign Affairs has declined to comment about the authenticity of email files allegedly stolen from its network and offered for sale on a data-trading forum.Lith [...]

https://www.bleepingcomputer.com/news/security/emails-from-lithuanian-ministry-of-foreign-affairs-for-sale-on-data-trading-forum/

The Week in Ransomware - August 13th 2021 - The rise of LockBit

This week we saw an existing operation rise in attacks while existing ransomware operations turn to Windows vulnerabilities to elevate their privileges. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-13th-2021-the-rise-of-lockbit/

Facebook rolls out end-to-end encryption for Messenger calls

Facebook has announced the roll-out of end-to-end encrypted Messenger voice and video calls five years after making it available in one-on-one text chats. [...]

https://www.bleepingcomputer.com/news/security/facebook-rolls-out-end-to-end-encryption-for-messenger-calls/

US brokers warned of ongoing phishing attacks impersonating FINRA

The US Financial Industry Regulatory Authority (FINRA) warns US brokerage firms and brokers of an ongoing phishing campaign impersonating FINRA officials and asking them to hand over sensitive information under the threat of penalties. [...]

https://www.bleepingcomputer.com/news/security/us-brokers-warned-of-ongoing-phishing-attacks-impersonating-finra/

Ford bug exposed customer and employee records from internal systems

A bug on Ford's website allowed for accessing sensitive systems and obtaining proprietary data, such as customer databases, employee records, internal tickets, etc. The data exposure stemmed from a misconfigured instance of Pega customer engagement system running on Ford's servers. [...]

https://www.bleepingcomputer.com/news/security/ford-bug-exposed-customer-and-employee-records-from-internal-systems/

EasyWSL turns Linux docker images into a Windows 10 WSL distro

If you can't find your favorite Windows Subsystem for Linux distribution available in the Microsoft Store, a new program called EasyWSL can convert almost any Linux Docker image into a WSL distro. [...]

https://www.bleepingcomputer.com/news/microsoft/easywsl-turns-linux-docker-images-into-a-windows-10-wsl-distro/

Hacker claims to steal data of 100 million T-mobile customers

A threat actor claims to have hacked T-Mobile's servers and stolen databases containing the personal data of approximately 100 million customers. [...]

https://www.bleepingcomputer.com/news/security/hacker-claims-to-steal-data-of-100-million-t-mobile-customers/

Colonial Pipeline reports data breach after May ransomware attack

Colonial Pipeline, the largest fuel pipeline in the United States, is sending notification letters to individuals affected by the data breach resulting from the DarkSide ransomware attack that hit its network in May. [...]

https://www.bleepingcomputer.com/news/security/colonial-pipeline-reports-data-breach-after-may-ransomware-attack/

Hackers behind Iranian wiper attacks linked to Syrian breaches

Destructive attacks that targeted Iran's transport ministry and national train system were coordinated by a threat actor dubbed Indra who previously deployed wiper malware on the networks of multiple Syrian organizations. [...]

https://www.bleepingcomputer.com/news/security/hackers-behind-iranian-wiper-attacks-linked-to-syrian-breaches/

SIM swap scammer pleads guilty to Instagram account hijacks, crypto theft

Declan Harrington, a Massachusetts man charged two years ago for his alleged involvement in a series of SIM swapping attacks, pleaded guilty to stealing cryptocurrency from multiple victims and hijacking the Instagram account of others.  [...]

https://www.bleepingcomputer.com/news/security/sim-swap-scammer-pleads-guilty-to-instagram-account-hijacks-crypto-theft/

Secret terrorist watchlist with 2 million records exposed online

A secret terrorist watchlist with 1.9 million records, including "no-fly" records was exposed on the internet. The list was left accessible on an Elasticsearch cluster that had no password on it. [...]

https://www.bleepingcomputer.com/news/security/secret-terrorist-watchlist-with-2-million-records-exposed-online/

Education giant Pearson fined $1M for downplaying data breach

The US Securities and Exchange Commission (SEC) announced today that Pearson, a British multinational educational publishing and services company, has settled charges of mishandling the disclosure process for a 2018 data breach discovered in March 2019. [...]

https://www.bleepingcomputer.com/news/security/education-giant-pearson-fined-1m-for-downplaying-data-breach/

Malware dev infects own PC and data ends up on intel platform

A malware developer unleashed their creation on their system to try out new features and the data ended up on a cybercrime intelligence platform, exposing a glimpse of the cybercriminal endeavor. [...]

https://www.bleepingcomputer.com/news/security/malware-dev-infects-own-pc-and-data-ends-up-on-intel-platform/

T-Mobile confirms servers were hacked, investigates data breach

​T-Mobile has confirmed that threat actors hacked their servers in a recent cyber attack but still investigate whether customer data was stolen. [...]

https://www.bleepingcomputer.com/news/security/t-mobile-confirms-servers-were-hacked-investigates-data-breach/

Hive ransomware attacks Memorial Health System, steals patient data

In what appears to be an attack from the Hive ransomware gang, computers of the non-profit Memorial Health System have been encrypted, forcing staff to work with paper charts. [...]

https://www.bleepingcomputer.com/news/security/hive-ransomware-attacks-memorial-health-system-steals-patient-data/

Chase bank accidentally leaked customer info to other customers

Chase Bank has admitted to the presence of a technical bug on its online banking website and app that allowed accidental leakage of customer banking information to other customers. [...]

https://www.bleepingcomputer.com/news/security/chase-bank-accidentally-leaked-customer-info-to-other-customers/

Fortinet patches bug letting attackers takeover servers remotely

Fortinet has released security updates to address a command injection vulnerability that can let attackers take complete control of servers running vulnerable FortiWeb web application firewall (WAF) installations. [...]

https://www.bleepingcomputer.com/news/security/fortinet-patches-bug-letting-attackers-takeover-servers-remotely/