The Easy WP SMTP Plug-in is used by WordPress site owners to configure the SMTP settings of their site server’s outgoing emails. It’s being leveraged by hacker groups to create backdoor admin accounts and redirecting users to tech support scams. Both, NinTechNet and Defiant – cybersecurity companies have reported about the attacks.
An important privilege escalation vulnerability (CVE-2019-0211) affects the Apache HTTP server and can be exploited by users whom can write and run scripts to gain root on Unix systems, via scoreboard manipulation. Charles Fol was the first to discover this vulnerability. This flaw is said to impact all the Apache HTTP Server releases from 2.4.17 to 2.4.38.
An attack code was published on Friday that exploits a critical vulnerability in the Magento e-commerce platform. This exploit affects the following versions:
· Magento Commerce < 1>
· Magento Open Source < 1>
· Magento < 2>
· Magento < 2>
· Magento < 2>
To protect from this vulnerability, one can install a stand-alone patch. To be fully protected against all vulnerabilities, sites must be upgraded to Magento Commerce or Open Source 2.3.1 or 2.2.8.
A database named as Elasticsearch contained 57GB data of Chinese user’s profiles comprised of jobseeker’s name, age, city, gender, marital status, phone number, and salary. The database was discovered by Sanyam Jain on 10th March 2019, a security researcher and an active member in GDI foundation. The database was exposed through a search engine called as Shodan.
This time, a ransomware attack identified as LockerGoga has struck one of the world’s largest Aluminium producer named as Norsk Hydro. This ransomware had crippled some of the company’s infrastructure and has damaged many operations of its various businesses. The company said that the attack was caused by ransomware infection. They also announced their plans to restore impacted systems using backups. However, the country’s Computer Emergency Response Team (CERT) is now cautioning other companies about this obnoxious attack.
Noam Rotem, a renounced white-hat and an activist of VPN mentor’s security team has discovered a major security breach in one of the most successful Chinese e-commerce company, named as Gearbest. The company exposed databases that contained unencrypted data like email addresses, passwords of over thousands of users, order details of many sex toys, vouchers, and much more.
Earl Enterprises, the parent company of a popular restaurant chain Planet Hollywood, got hacked and the payment information of more than two million users have been compromised. This included card numbers, customer names, and card expiration dates. Hackers accessed data from restaurant goers at Buca di Beppo, Earl of Sandwich, and Planet Hollywood (Las Vegas, New York and Orlando). They later reported that this incident has been contained.
Facebook, once again is hit by a privacy controversy as the passwords of hundred million users unfortunately, were left unencrypted. Apropos of that, even Instagram users were affected. Pedro Canahuati, Facebook’s vice president of engineering revealed to press that the company will notify victims, without much delay
On 8th March, a federal lawsuit has been filed by one of the most powerful tech beast, Facebook, against two hackers from Ukraine. They had enticed more than 60,000 Facebook users into installing malicious browser extensions. Facebook also claimed that the perpetrators caused a damage of more than $75,000. Facebook sued those hackers whom were found to be affiliated with a tech company named as Web Sun Group.
A former Bigg Boss 12 contestant from Jaipur, Somi Khan got her Instagram account hacked on Saturday. She came to know about this hack incident on Saturday night and informed the Cyber Cell department. She also cautioned people not to believe anything that comes from her Instagram account.
A man from Lithuania named as Evaldas Rimausauskas stole between 2013_2015, a whopping amount of $122 m from two biggest corporate giants. From Facebook, he stole $99m dollars and from Google, he stole $23m. He agreed to forfeit $50m. But, it isn’t evident of what he had done with the remaining $72m. Evaldas will be sentenced on July 29th, and faces 30 years in prison.
Two North Texas towns in Dallas County named as DeSoto and Lancaster, got their tornado emergency sirens turned off by a hacker on the night of March 12th, between 02:30 A.M-04:00 A.M. Over 30 sirens went on and off, with 10 in DeSoto and 20 in Lancaster. According to CBS Dallas, DeSoto and Lancaster officials confirmed it as a hack incident. The two hacked systems were taken offline and have remained offline, ever since then.
Bhartiya Janata Party’s (BJP) official website (www.bjp.org) has been hacked by anonymous hackers. No hacker group has claimed responsibility of the attack, till now. When accessed at 11.30 am on Tuesday, the website was hacked with profane language being posted on the website. Later, the site became inaccessible with an error message on it.
Kamal Nath late night decision to withdraw security cover from RSS office with just few days before Lok Sabha elections gained intense criticisms from many quarters. Post this, former chief minister and Congress veteran Digvijaya singh rebuked the decision. With government taking no word of mouth on this, Police officials confirmed that additional security measures are kept at booths.
Similar to Truecaller app, Dalil is an Android app that provides caller ID services but only for Saudi and other Arabian users. Security researchers Ran Locar and Noam Rotem, discovered that this app has been leaking user’s data like cell phone numbers, device details, telecom operator details, GPS coordinates, and much more, over a week. Roughly, 208,000 unique phone numbers and 44 million app events of data have been leaked. The cause is identified to be a MongoDB database, which has been left accessible online without a password.
Hackers recently accessed student’s data from Hamilton College and from other two colleges. After identification, an official investigation was launched by cybersecurity professionals. It was figured out that a ransomware attack had damaged some of their systems. However, College executives have reached out to those, whose data were accessed and swore safety measures, to safeguard them.