Updated: 2024-11-06 19:27:53 Pacfic
Snowflake Data Theft Suspect Arrested - 19h
A suspect named Alexander Moucka has been arrested in Canada in connection with a data theft campaign that targeted Snowflake Inc. users. The attack exploited account credentials compromised by infostealers years ago. This incident affects over 160 Snowflake users, highlighting the ongoing threat of credential-based attacks. The arrest underscores the need for robust security measures to protect sensitive data, including multi-factor authentication, strong password policies, and regular security audits. It also emphasizes the importance of international cooperation in combating cybercrime.
Zero-Click Vulnerability Found in Synology Photos App - 5d
Security researchers discovered a critical zero-click vulnerability within Synology’s Photos app, impacting millions of users. This vulnerability allows attackers to compromise the system without any user interaction. The flaw resides in a part of the app that doesn’t require authentication, enabling direct exploitation over the internet. Attackers can gain root access and install malicious code, potentially turning the infected device into a botnet for further nefarious activities. Synology has addressed the bug, but users need to manually update their devices. This incident highlights the importance of regularly updating software to mitigate security risks and the growing threat of zero-click vulnerabilities.
Phish ‘n Ships: Cybercriminals Infect Web Shops with Fake Product Listings - 5d
A group of cybercriminals, dubbed “Phish ‘n Ships” by researchers, has infected over 1,000 legitimate web shops to create and promote fake product listings. The group targets in-demand products, creating fake online stores where consumers unwittingly provide their payment card information. These infected web shops redirect visitors to fake online stores, where they are presented with fake listings for popular items. Victims are then led to third-party payment processors controlled by the fraudsters, unknowingly providing their payment details. The group has been successful in manipulating search engine rankings, making their fake listings appear high in results. This sophisticated phishing scheme has caused estimated losses of tens of millions of dollars over the past five years.