Hackers leak passwords for 500,000 Fortinet VPN accounts
Bleeping Computer, Lawrence Abrams
“This leak is a serious incident as the VPN credentials could allow threat actors to access a network to perform data exfiltration, install malware, and perform ransomware attacks.” Read More
Hackers Steal Data from United Nations
Infosecurity Magazine, Sarah Coble
“It has been theorized that the username and password used in the cyber-attack were purchased from a website on the dark web. ‘The actor conducted the intrusion with the goal of compromising large numbers of users within the UN network for further long-term intelligence gathering.” Read More
Attackers are exploiting zero-day RCE flaw to target Windows users (CVE-2021-40444)
Helpnet Security, Zeljka Zorz
“An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document.” Read More
Personal data of 8,700 French visa applicants exposed in cyberattack
Silicon Republic, Blathnaid O’Dea
“Personal details including passport numbers, birth dates and addresses of 8,700 people were exposed and some details may have been stolen.” Read More
US Cyber Command Warns of Ongoing ‘Mass Exploitation’ of Critical Confluence Vulnerabilities
Dark Reading
“Atlassian on Aug. 25 issued an update for the remote code execution flaw, but attackers appear to be winning the race with organizations that have not yet applied the patch.” Read More