The Data Breach Twitch Suffered Had Minimal Impact, the Company Says

Earlier this month, the Twitch source code and sensitive information belonging to streamers and users were reportedly leaked online by an anonymous user on the 4chan imageboard. The hacker posted…

TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates

The group – which also created BazarLoader and the Conti ransomware – has juiced its distribution tactics to threaten enterprises more than ever. The cybercriminals behind the infamous TrickBot trojan…

Missouri Vows to Prosecute ‘Hacker’ Who Disclosed Data Leak

Missouri Gov. Mike Parson launched a criminal investigation of a reporter who flagged a state website that exposed 100K+ Social-Security numbers for teachers and other state employees. The St. Louis…

Rickroll Grad Prank Exposes Exterity IPTV Bug

IPTV and IP video security is increasingly under scrutiny, even by high school kids. When Township High School District 214 in Illinois got rickrolled all at once across its six…

Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack

Visible says yes, user accounts were hijacked, but it denied a breach. As of today, users are still posting tales of forcibly changed passwords and getting stuck with bills for…

CryptoRom Scam Rakes in $1.4M by Exploiting Apple Enterprise Features

The campaign, which uses the Apple Developer Program and Enterprise Signatures to get past Apple’s app review process, remains active. Pyramid-scheme cryptocurrency scammers are exploiting Apple’s Enterprise Developer Program to…

Podcast: 67% of Orgs Have Been Hit by Ransomware at Least Once

Fortinet’s Derek Manky discusses a recent global survey showing that two-thirds of organizations suffered at least one ransomware attack, while half were hit multiple times. A recent report found that…

FreakOut Botnet Turns DVRs Into Monero Cryptominers

The new Necro Python exploit targets Visual Tools DVRs used in surveillance systems. Threat group FreakOut’s Necro botnet has developed a new trick: infecting Visual Tools DVRs with a Monero…

Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers

A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc. Vulnerabilities in the Brizy Page Builder plugin for WordPress sites could be chained…

Mandating a Zero-Trust Approach for Software Supply Chains

Sounil Yu, CISO at JupiterOne, discusses software bills of materials (SBOMs) and the need for a shift in thinking about securing software supply chains. In the wake of the SolarWinds…