Logo Logo
  • Home
  • Modshield SB
  • services
    • Application Security Testing
    • IoT Security Testing
    • Infrastructure Security Testing
    • Testing for Compliance
    • Red Team Exercise
    • Performance Testing
  • Training
    • Cybersecurity Awareness Program
    • Cybersecurity For Developers(Web Application)
    • Cybersecurity For Developers(Mobile Application)
  • Resources
    • Blog
    • CyberNews
  • About
    • Partners
    • Contact

Top CyberNews November 2021 – Week 4

  • Home
  • Blog Details
November 24 2021
  • CyberNews

OpenVPN, RobinHood and GoDaddy lose millions of user data in a week.

Severe Code Execution Vulnerabilities Affect OpenVPN-Based Applications

Many use VPN to encrypt their traffic data from the point of origin to the point of the destination so that they can have their sensitive data transmitted securely. Recently Claroty did a study on several VPN based solutions. They found critical security vulnerabilities in the products of HMS Industrial Networks, MB connect line, PerFact, and Siemens.

Top CyberNews November 2021 – Week 4. Critical security vulnerabilities in the products of HMS Industrial Networks, MB connect line, PerFact, and Siemens.
Severe Code Execution Vulnerabilities affects VPN

The attacker can trick the users to fall into a malicious website and achieve code execution. Many Vendors provide System privileges which could lead the attacker to do a classic Server-Side Request Forgery (SSRF).

70 million Robinhood users data exposed

Robinhood, a trading app, has disclosed that their 70 million users data have been affected due to a data breach. It includes the data of previously deleted accounts because “Broker-Dealers: Record-Keeping Requirements” require them to preserve certain books and records.

Robinhood, a trading app, has disclosed that their 70 million users data have been affected due to a data breach
70 million Robinhood users data exposed

The malicious third party have used social engineering, to obtain access to internal support systems through a customer service professional.

Even though about one-third of their user data has been leaked no financial loss occurred since no social security numbers, and bank details of the users leaked.

1000s of GoDaddy domains breached

On Nov 22, Godaddy released a statement saying that an unauthorized third party accessed their provisioning system in their legacy code base for Managed WordPress using a compromised password. The malefactor gained access on September 6, 2021, and GoDaddy has been finally blocked the unidentified user.

Top CyberNews November 2021 – Week 4 - An unauthorized third party accessed their provisioning system in GoDaddy's legacy code base for Managed WordPress using a compromised password
1000s of GoDaddy domains breached

It is expected around 1 million user data have been leaked including sFTP and database usernames and passwords, WordPress Admin password, and SSL private key.

Read the latest news on cybersecurity

Previous Post Next Post

Leave a Comment

Recent Posts

  • SOC 2 Compliance – Complete Guide
  • What is compliance and why do you need it?
  • OWASP WAF – Web Application Firewall
  • Top Cyber News April Week 3
  • Top Cyber News April Week 2

Recent Comments

  1. Vishnu on IEC 62443 – Cybersecurity for Industrial Automation and Control Systems

Archives

  • July 2022
  • June 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • June 2020

Categories

  • Blog
  • CyberNews
© Copyright 2020. Anada WordPres Theme By WordPressRiver