Cybersecurity News

The caches of data that were publicly accessible included names, email addresses and social security numbers The post Microsoft Power Apps misconfiguration exposes millions of records appeared first on WeLiveSecurity source https://www.welivesecurity.com/2021/08/24/microsoft-power-apps-misconfiguration-exposes-millions-records/

Meet SparklingGoblin, a member of the Winnti family The post The SideWalk may be as dangerous as the CROSSWALK appeared first on WeLiveSecurity source https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/

The attacker returned the loot after being offered a gig as chief security advisor with Poly Network. from Threatpost Poly Network Recoups $610M Stolen from DeFi Platform https://ift.tt/3y8ZJ1X

Cybersecurity watchdog CitizenLab saw the new zero-day FORCEDENTRY exploit successfully deployed against iOS versions 14.4 & 14.6, blowing past Apple's new BlastDoor sandboxing feature to install spyware on the iPhones of Bahraini activists – even one living in London at the time. from Threatpost Pegasus Spyware Uses iPhone Zero-Click iMessage Zero-Day https://ift.tt/3guH0Yy

Researchers have spotted the latest version of the Triada trojan targeting mobile devices via an advertising SDK. from Threatpost Custom WhatsApp Build Delivers Triada Malware https://ift.tt/3mv36y4

Chad Anderson, senior security researcher for DomainTools, demonstrates how seemingly disparate pieces of infrastructure information can form perfect fingerprints for tracking cyberattackers' infrastructure. from Threatpost Effective Threat-Hunting Queries in a Redacted World https://ift.tt/3zfOLsD

Data leaked includes COVID-19 vaccination records, social security numbers and email addresses tied to American Airlines, Ford, Indiana Department of Health and New York City public schools. from Threatpost Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs https://ift.tt/2Wbhktf

CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers. from Threatpost ProxyShell Attacks Pummel Unpatched Exchange Servers https://ift.tt/3DbhZvm

So much for Windows 10's security: a zero-day in the device installer software grants admin rights just by plugging in a mouse or other compatible device. from Threatpost Windows 10 Admin Rights Gobbled by Razer Devices https://ift.tt/3sSH4qd