Adult Website Leaks Trove of Sensitive Data
An recently discovered unsecured database belonging to the adult streaming site Cam4 was found to contain nearly 11 billion unique records amounting to seven terabytes of data. For a site with billions of visitors each year, the exposed data could affect millions who have visited the site since March 16 of this year, and could be used to further harm individuals whose connection to the site could be politically or socially sensitive. While the database was quickly taken offline, an analysis of the data showed that, though much of the data belonged to U.S. citizens, millions of others were from South America and Europe.
Hundreds of COVID-19 Scam Sites Taken Down by HMRC
Her Majesty’s Revenue & Customs (HMRC) has recently taken down nearly 300 COVID-related scam sites and domains. Hackers are opportunistic and have taken to preying on people trying to get information on the current pandemic but are finding themselves as victims of financial scams and phishing attempts. Fortunately, many organizations have taken up the cause of identifying and removing these harmful sites.
Nearly One Million WordPress Sites Under Attack
At least 24,000 unique IP addresses have been identified in a series of on-going attacks targeting vulnerabilities in more than 900,00 WordPress sites. Many vulnerabilities have been patched in recent months, but some sites have yet to update their plugins and remain at risk. The attacks inject malicious scripts into website headers when the WordPress user is logged in. Otherwise, the victim is redirected to another malicious advertisement, in hopes of gaining some profitable information.
Tokopedia Breach Leaves 91 Million User Records Up for Grabs
Over 91 million user records belonging to Tokopedia, a major Indonesian e-commerce firm, were recently found for sale on a dark web. The sale offered records for 15 million individual, likely stolen during a security incident in March, for $5,000. With millions of users and merchants using the site regularly, the company has issued a notice for users to change passwords as they investigate the breach.
Ransomware Demanding More as Corporations Continue to Payout
In recent fiscal quarters, the earnings for Sodinokibi and Ryuk ransomware have been rising steadily as SMBs and corporations are increasingly paying ransoms for data. Over the first quarter of 2020, the average ransom payout hovered around $111,000. A year prior, the average neared only $12,000 for large companies, typically very willing to pay for the quick return of their data, so limiting the amount of downtime an attack may cause. The top earning ransomware variants, Ryuk and Sodinokibi, both have shifted their focus from service providers to carefully targeted large corporations and have even pushed ransom demands over $1 million in some instances.
