admin

admin

  • Joined: September 10, 2024
  • Articles: 8822

Three LulzSec Hackers Admit Guilt in NHS and Sony Cyber Attacks

April 9, 2013

Three members of the notorious hacktivist group LulzSec have pleaded guilty to their involvement in a series of cyber attacks targeting the NHS, Sony, and News International. Ryan Ackroyd, Jake Davis, and Mustafa Al-Bassam confessed to committing an unauthorized act to disrupt computer operations, violating the Criminal Law Act of 1977.

In July 2011, the Sun’s website was compromised, with users momentarily redirected to a fake page falsely announcing Rupert Murdoch’s death. Both Davis, hailing from Shetland, and Bassam, a student from Peckham in south London, admitted to conspiring to attack websites of law enforcement agencies in the UK and US, including the CIA and the Serious Organized Crime Agency (SOCA).

As an offshoot of the Anonymous hacktivists, LulzSec, along with Anonymous, caused significant disruption throughout 2011 and 2012, taking thousands of websites offline and stealing data from prominent companies. The three men are facing…

Three LulzSec Hackers Admit Guilt in NHS and Sony Attacks Date: April 9, 2013 In a significant turn of events within the cyber threat landscape, three members of the notorious hacking collective LulzSec have pleaded guilty to participating in a…

Google Alerts: Salesloft Drift Breach Affects All Integrations Beyond Salesforce

Aug 29, 2025
Data Breach / Salesforce

Google has issued a warning regarding the recent surge of attacks on Salesforce instances via Salesloft Drift, revealing that the scope of the breach is wider than initially believed. The advisory advises all Salesloft Drift customers to consider any authentication tokens linked to the Drift platform as potentially compromised. According to the Google Threat Intelligence Group (GTIG) and Mandiant, the attackers utilized stolen OAuth tokens to access emails from a select few Google Workspace accounts on August 9, 2025, following the breach of the OAuth tokens for the “Drift Email” integration. Importantly, this incident does not represent a compromise of Google Workspace or Alphabet itself. Only accounts specifically set up to integrate with Salesloft were at risk; other accounts on a customer’s Workspace remained secure.

Google Issues Warning on Expanded Impact of Salesloft Drift Breach August 29, 2025 In a significant cybersecurity alert, Google has disclosed that the recent attacks targeting Salesforce instances through Salesloft’s Drift platform are far-reaching, affecting all integrations beyond Salesforce. In…

Critical Windows Update: Address 117 Security Flaws, Including 9 Active Zero-Days

July 14, 2021

Microsoft has released its July Patch Tuesday updates, addressing a total of 117 security vulnerabilities, among which are nine zero-day flaws—four of which are currently being exploited in the wild, potentially allowing attackers to gain control of affected systems. Out of these vulnerabilities, 13 are classified as Critical, 103 as Important, and one as Moderate in severity. Notably, six of these vulnerabilities were publicly known at the time of the update.

The updates affect a wide range of Microsoft products, including Windows, Bing, Dynamics, Exchange Server, Office, the Scripting Engine, Windows DNS, and Visual Studio Code. This month saw a significant increase in the number of vulnerabilities patched, surpassing the totals from May (55) and June (50).

Among the most critical actively exploited vulnerabilities are:

  • CVE-2021-34527 (CVSS Score: 8.8) – Windows Print Spooler Remote Code Execution…

Microsoft Addresses 117 Security Vulnerabilities in July Patch Update, Including Nine Zero-Day Flaws Microsoft has released its July Patch Tuesday updates, addressing a total of 117 security vulnerabilities across a wide range of its products. Among these, there are nine…

Over 50 Million LivingSocial Customers Impacted by Cyber Attack

April 27, 2013

LivingSocial, the daily deals platform partially owned by Amazon Inc., has experienced a significant cyber attack that may have compromised the data of over 50 million customers. As a precaution, all affected users will need to reset their passwords. With a global membership of 70 million, the leaked information includes names, email addresses, birth dates, and encrypted passwords, although credit card and financial information remain secure, according to the company. The breach has impacted customers in regions including North America, Australia, New Zealand, the UK, Ireland, Malaysia, as well as LetsBonus users in Southern Europe and Latin America. Affected users are advised to stay vigilant, as the stolen information could be used for phishing attempts. LivingSocial is proactively emailing customers to initiate a password change.

LivingSocial Data Breach Affects 50 Million Customers On April 27, 2013, LivingSocial, a daily deals platform partly owned by Amazon Inc., disclosed that it fell victim to a significant cyberattack impacting the personal information of over 50 million customers. This…

Feds Shut Down $6.4M VerifTools Fake ID Marketplace, Operators Quickly Relaunch on New Domain

Authorities from the Netherlands and the U.S. have successfully dismantled VerifTools, an illegal marketplace supplying counterfeit identity documents to cybercriminals globally. The operation resulted in the seizure of two website domains and a related blog, which now redirect users to a notice about the FBI’s enforcement action under a U.S. District Court warrant. However, just days later, the platform’s operators announced a relaunch at “veriftools.com.” The domain, registered in 2018, now raises questions regarding its administrators’ identities.

Feds Dismantle $6.4M VerifTools Counterfeit ID Marketplace; Operators Quickly Restart on New Domain Authorities from the United States and the Netherlands have successfully shut down VerifTools, a highly illicit marketplace known for selling fake identity documents to cybercriminals worldwide. In…

Suspected Hacker Arrested in Connection with Historic DDoS Attack on Spamhaus

April 27, 2013

Dutch police have arrested a 35-year-old man linked to a colossal DDoS attack on the anti-spam organization Spamhaus that occurred in March. This attack, which peaked at over 300 Gbps, is recorded as the largest DDoS attack ever. Spamhaus, known for creating blacklists that identify spam sites for Internet Service Providers, experienced a severe disruption as its website was overwhelmed with traffic.

Following the attack, Spamhaus enlisted CloudFlare for protection against future threats. The arrest took place in Barcelona under a European arrest warrant, with plans for the suspect’s transfer to the Netherlands. The individual arrested is believed to be Sven Kamphuis, the owner of Dutch hosting company Cyberbunker, which has been connected to the attack. This incident is thought to have been triggered by Spamhaus blacklisting Cyberbunker.

Suspected Hacker Arrested in Connection with Largest DDoS Attack on Spamhaus April 27, 2013 In a significant development for cybersecurity, Dutch law enforcement authorities have confirmed the arrest of a 35-year-old man believed to be involved in the largest Distributed…

Click Studios Addresses Authentication Bypass Vulnerability in Passwordstate’s Emergency Access Page

Published: August 29, 2025 | Category: Vulnerability / Enterprise Security

Click Studios, the developer behind Passwordstate, an enterprise password management solution, has released critical security updates to fix an authentication bypass vulnerability in its software. This high-severity issue, yet to receive a CVE identifier, has been resolved in Passwordstate version 9.9 (Build 9972), launched on August 28, 2025. The Australian company reported that the update addresses a “potential Authentication Bypass” in the Emergency Access page when exploited with a specially crafted URL. Additionally, the latest version incorporates enhanced protections against possible clickjacking attacks targeting its browser extension, particularly if users navigate to compromised sites. These enhancements likely respond to insights from security researcher Marek Tóth, who recently revealed a technique involving Document Object Model (DOM)-based extension clickjacking affecting various password manager browser add-ons.

Click Studios Addresses Critical Security Flaw in Passwordstate’s Emergency Access Feature On August 29, 2025, Click Studios, the developer behind the enterprise-level password management tool Passwordstate, announced the release of significant security updates aimed at resolving a high-severity authentication bypass…