BetaNews: Australian political parties hit by hack orchestrated by ‘sophisticated state actor’

BetaNews: Australian political parties hit by hack orchestrated by ‘sophisticated state actor’. “Australia’s three main political parties — Liberals, Labor and Nationals — as well as the country’s parliament have all been hit by a security breach which Prime Minister Scott Morrison says was carried out by a “sophisticated state actor”.”

BetaNews: User data exposed in 500px security breach… that happened in the middle of last year

BetaNews: User data exposed in 500px security breach… that happened in the middle of last year. “The photo sharing site 500px has revealed details of a security breach that took place in mid-2018. The company says that its engineering team only became aware of the breach — which is thought to have taken place around July 5, 2018 — a few days ago. 500px launched an investigation in conjunction with a third party and police, and says that ‘an unauthorized party gained access to our systems and acquired partial user data’.”

Ever used VFEmail? No? Well, chances are you never will now: Hackers wipe servers, backups in ‘catastrophic’ attack (The Register)

The Register: Ever used VFEmail? No? Well, chances are you never will now: Hackers wipe servers, backups in ‘catastrophic’ attack. “A hacker wiped every server and backup of VFEmail this week in a ‘catastrophic’ attack, according to the webmail service. VFEmail admins detailed the network intrusion on Monday in a grim red-letter update on the site’s front page. The service’s founder Rick Romero also said it’s likely the webmail outfit is toast as a result of the ransacking.”

Black Hats & White Collars: SEC EDGAR Database Hackers Revealed (Splunk)

Splunk: Black Hats & White Collars: SEC EDGAR Database Hackers Revealed. “Over the past year, I’ve been presenting research at security conferences regarding the increasingly cozy relationship between black hat hackers and white collar criminals. One of the cases I researched was a group of hackers targeting PR firms for non-public insider information that could be monetized by trading stock based on the results of a company’s earnings and other factors. This past week it was revealed that this same group of criminal hackers and traders had become much more brazen and were also involved in the hacking of SEC’s EDGAR system targeting similar information.”

TechCrunch: Researchers find a new malware-friendly hosting site after a spike in attacks

TechCrunch: Researchers find a new malware-friendly hosting site after a spike in attacks . “Security researchers have traced a recent spike in FormBook infections to a new file-hosting service that’s been billed as a place for hackers to host their malware. Deep Instinct analysts say in new findings out Tuesday that the resurgence in FormBook malware, used as part of password and information stealing campaigns currently targeting the retail and hospitality sectors, can be traced back to the newly discovered malware-friendly site that hosts the second-stage dropper used to infect a computer with malicious code after the user opens a booby-trapped document.”

ZDNet: DailyMotion discloses credential stuffing attack

ZDNet: DailyMotion discloses credential stuffing attack. “Video sharing platform DailyMotion announced on Friday that it was the victim of a credential stuffing attack, ZDNet has learned. Credentials stuffing is a security term that describes a type of cyber-attack where hackers take combinations of usernames and passwords leaked from other sites and use them to gain illegal access on accounts on another site.”

Mashable: Instagram get hacked? Good luck getting it back.

Mashable: Instagram get hacked? Good luck getting it back.. “Instagram has a growing security problem: As the service swells to more than 1 billion users, these accounts are also becoming popular targets for hackers. And if you’re one of the thousands of people trying to regain control of a hacked Instagram account, it’s often a long, frustrating process.”