Manhunt began notifying users of the security incident last month. The company did not say how many of the approximately 6 million men who use the site had been impacted by the attack.
This LPE vulnerability (not yet tracked using a CVE ID) stems from the misconfiguration of two service registry keys and it allows local attackers to escalate privileges on any fully patched systems.
The apps in question primarily targeted users in Southwest Asia and the Arabian Peninsula, attracting a total of 700,000 downloads before they were discovered and removed from the platform.
At least 10,000 UK nationals have been approached by malicious individuals using fraudulent profiles on the professional networking site, the BBC reports, citing security agency MI5.
Google released version 90.0.4430.85 of the Chrome browser for Windows, Mac, and Linux. The zero-day, which was assigned the identifier CVE-2021-21224, was described as a “type confusion in V8”.
The adversary leveraged these flaws, with intimate knowledge of the SonicWall application, to install a backdoor, access files, and emails, and move laterally into the victim organization’s network.
Eversource Energy is warning customers that the unsecured cloud storage server exposed their name, address, phone number, social security number, service address, and account number.
The patch for ProxyLogon vulnerabilities was released more than a month ago. However, one more ransomware actor succeeded in joining the list of growing numbers of new adversaries exploiting it.
REvil said it is “negotiating the sale” of the trove “with several major brands” and is sitting on data describing Apple’s Watch, MacBook Air, and MacBook Pro, plus the Lenovo ThinkPad Z60m.
A phishing campaign is luring victims into viewing a video with details of brochures and prices for an old purchase order. The malware involved has made a comeback with a new obfuscation technique.