Zoom rolls out security enhancements to stop zoombombing trolls

Zoom has announced today the rollout of new security enhancements designed to help meeting hosts to block zoombombing attempts and participants to report misbehaving users. The Zoom video conferencing software has become an extremely popular way to keep in touch with family and friends since the start of the pandemic, with the company reporting in April that its platform reached 300 million daily users.

Trump lawsuit site to report ‘rejected votes’ leaked voter data

The DontTouchTheGreenButton.com website just launched by the Trump campaign in relation to the recently filed Arizona “rejected votes” lawsuit was discovered to be leaking voter data. The data included the voter name, address, and a unique identifier. However, reports have surfaced of users alleging the website has SQL Injection flaws that make it possible to collect a voter’s SSN and date of birth.

Hacker shares 3.2 million Pluto TV accounts for free on forum

A hacker is sharing what they state are 3.2 million Pluto TV user records that were stolen during a data breach. Pluto TV is an Internet television service that lets you stream free TV shows with advertisements. The service has over 28 million members, and its mobile apps have been installed over 10 million times.

DNS cache poisoning attacks return due to Linux weakness

Researchers from Tsinghua University and the University of California have identified a new method that can be used to conduct DNS cache poisoning attacks. The findings reopen a vulnerability that had been discovered by Kaminsky in 2008 and thought to have been resolved.

Alleged source code of Cobalt Strike toolkit shared online

The source code for the widely-used Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository. Cobalt Strike is a legitimate penetration testing toolkit that allows attackers to deploy “beacons” on compromised devices to remotely “create shells, execute PowerShell scripts, perform privilege escalation, or spawn a new session to create a listener on the victim system.”

Capcom hit by Ragnar Locker ransomware, 1TB allegedly stolen

Japanese game developer Capcom has suffered a ransomware attack where threat actors claim to have stolen 1TB of sensitive data from their corporate networks in the US, Japan, and Canada. Capcom is well-known for its iconic game franchises, including Street Fighter, Resident Evil, Devil May Cry, Monster Hunter, and Mega Man.

Brazil’s court system under massive RansomExx ransomware attack

Brazil’s Superior Court of Justice was hit by a ransomware attack on Tuesday during judgment sessions that were taking place over video conference. “The Superior Court of Justice (STJ) announces that the court’s information technology network suffered a hacker attack on Tuesday (3), during the afternoon, when the six group classes’ judgment sessions took place,” STJ President Humberto Martins said in an official statement on the Supreme Federal Court’s website.

New Pay2Key ransomware encrypts networks within one hour

A new ransomware called Pay2Key has been targeting organizations from Israel and Brazil, encrypting their networks within an hour in targeted attacks still under investigation. Michael Gillespie, the creator of ID Ransomware, has also seen submissions from Pay2Key victims predominantly from Brazilian IP addresses.