Wifi routers and VPN appliances targeted by notorious botnet Quad7
The mysterious Quad7 botnet has evolved its tactics to compromise several brands of Wi-Fi routers and VPN appliances. It’s armed with new backdoors, multiple vulnerabilities, some of which were previously unknown, and new staging servers and clusters, according to a report by Sekoia, a cybersecurity firm.
Major US car rental breach exposes hundreds of thousands
Attackers roamed the systems of Avis Car Rental, a major car rental service provider, for several days, accessing data of nearly 300,000 individuals. Malicious actors breached Avis systems on August 3rd and roamed inside the system for three days until the company secured its networks. The company’s data breach notification letter, submitted to the Maine Attorney General’s Office, states that Avis discovered the breach on August 5th, indicating it took at least one day to kick the malicious actors out.
RockYou2024: 10 billion passwords leaked in the largest compilation of all time
The largest password compilation with nearly ten billion unique passwords was leaked on a popular hacking forum. The Cybernews research team believes the leak poses severe dangers to users prone to reusing passwords. The king is dead. Long live the king. Cybernews researchers discovered what appears to be the largest password compilation with a staggering 9,948,575,739 unique plaintext passwords. The file with the data, titled rockyou2024.txt, was posted on July 4th by forum user ObamaCare.
Levi Strauss notifies customers of cyberattack
Personal information, including partial payment details, may have been obtained by bad actors during an automated credential-stuffing attack on Levi’s online store. The maker of the famous Levi’s denim jeans reported that over 72,000 accounts were affected during a “security incident” that was detected on July 13th.
London hospital attackers started leaking blood test data
Cybercriminals behind attacks disrupting at least five London hospitals leaked nearly 400 gigabytes of data, which reportedly included blood test information. Qilin ransomware started leaking data stolen from England National Health Service (NHS) partner Synnovis labs. According to reports from the BBC, the data includes patient names, dates of birth, NHS numbers, descriptions of blood tests, and other information.
Cooler Master allegedly breached, members exposed
Cooler Master, a popular computer hardware maker, has allegedly suffered from a data breach, exposing the company’s corporate data as well as the personal details of members from its fan-based members program. The attackers claim to have stolen 103GB of data from the company’s servers on May 18th. According to the attacks’ perpetrators, the allegedly stolen information carries a trove of sensitive data, including Cooler Master’s Fanzone members’ payment card details.
Andrew Tate’s The Real World exposes 22M user messages
The Real World, a learning platform from the controversial social media personality Andrew Tate, has leaked nearly a million users and over 22 million messages. Hundreds of thousands of exposed users, millions of messages, and session tokens – that’s the reality that The Real World finds itself in. The Cybernews research team has uncovered an exposed MongoDB instance with 88GB from one of The Real World’s servers.
GitHub leak exposes Chinese offensive cyber operations – researchers
The leaked documents supposedly discuss spyware developed by I-Soon, a Chinese infosec company, that’s targeting social media platforms, telecommunications companies, and other organizations worldwide. Researchers suspect the operations are orchestrated by the Chinese government. Unknown individuals allegedly leaked a trove of Chinese government documents on GitHub. The documents reveal how China conducts offensive cyber operations with spyware developed by I-Soon, Taiwanese threat intelligence researcher Azaka Sekai claims.