All posts by cK-bot

The Microsoft Exchange #0day exploits were abused by Chinese hackers / Hafnium. https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/ #china https://t.me/cKure/7023

■■□□□ The Fortune-500 hospital network owner (Universal Health Services) is facing steep costs in damages after a cyberattack impacted patient care and billing in September and October. #CyberCrime https://threatpost.com/post-cyberattack-universal-health-services-faces-67m-in-losses/164424/ https://t.me/cKure/7022

■■■■■ Four zero-days in Microsoft Exchange actively exploited in the wild. https://securityaffairs.co/wordpress/115194/hacking/microsoft-exchange-zero-days.html #0day #Zeroday https://t.me/cKure/7021

■■□□□ How I Could Have Hacked Any Instagram Account. https://thezerohack.com/hack-any-instagram https://t.me/cKure/7020

■□□□□ CVE-2021-3291: Zen Cart 1.5.7b – Remote Code Execution (Authenticated). https://www.exploit-db.com/exploits/49608 https://t.me/cKure/7018

■■□□□ Perl.com theft blamed on social engineering attack: Registrar ‘convinced’ to alter DNS records by miscreants https://www.theregister.com/2021/03/02/perl_domain_theft/ https://t.me/cKure/7017

■□□□□ JFC International, a major wholesaler and distributor of Asian food products in the United States, was hit by ransomware. https://t.me/cKure/7016

■■■■□ The Javascript-based infection framework for the Gootkit RAT was enhanced to deliver a wider variety of malware, including ransomware. https://securityaffairs.co/wordpress/115144/cyber-crime/gootkit-gootloader-evolution.html https://t.me/cKure/7015

■■■□□ #DataLeak: In January 2021, Oxfam Australia was the victim of a data breach which exposed 1.8M unique email addresses of supporters of the charity. The data was put up for sale on a popular hacking forum and also included names, phone numbers, addresses, genders and dates of birth. A small number of people also had partial…

■■□□□ In August 2020, the Dutch (#Netherlands ) ticketing service Ticketcounter inadvertently published a database backup to a publicly accessible location where it was then found and downloaded in February 2021 (unsecured staging server). The data contained 1.9M unique email addresses which were offered for sale on a hacking forum alongside names, physical and IP…