Logo Logo
  • Home
  • Modshield SB
  • services
    • Application Security Testing
    • Infrastructure Security Testing
    • IoT Security Testing
    • Testing for Compliance
    • Red Team Exercise
    • Performance Testing
  • Training
    • Cybersecurity Awareness Program
    • Secure Development – Web
    • Secure Development – Mobile
  • Resource
    • Blog
    • CyberNews
  • About
    • Partners
    • Contact

Top CyberNews November 2021 – Week 4

  • Home
  • Blog Details
November 24 2021
  • CyberNews

OpenVPN, RobinHood and GoDaddy lose millions of user data in a week.

Severe Code Execution Vulnerabilities Affect OpenVPN-Based Applications

Many use VPN to encrypt their traffic data from the point of origin to the point of the destination so that they can have their sensitive data transmitted securely. Recently Claroty did a study on several VPN based solutions. They found critical security vulnerabilities in the products of HMS Industrial Networks, MB connect line, PerFact, and Siemens.

Top CyberNews November 2021 – Week 4. Critical security vulnerabilities in the products of HMS Industrial Networks, MB connect line, PerFact, and Siemens.
Severe Code Execution Vulnerabilities affects VPN

The attacker can trick the users to fall into a malicious website and achieve code execution. Many Vendors provide System privileges which could lead the attacker to do a classic Server-Side Request Forgery (SSRF).

70 million Robinhood users data exposed

Robinhood, a trading app, has disclosed that their 70 million users data have been affected due to a data breach. It includes the data of previously deleted accounts because “Broker-Dealers: Record-Keeping Requirements” require them to preserve certain books and records.

Robinhood, a trading app, has disclosed that their 70 million users data have been affected due to a data breach
70 million Robinhood users data exposed

The malicious third party have used social engineering, to obtain access to internal support systems through a customer service professional.

Even though about one-third of their user data has been leaked no financial loss occurred since no social security numbers, and bank details of the users leaked.

1000s of GoDaddy domains breached

On Nov 22, Godaddy released a statement saying that an unauthorized third party accessed their provisioning system in their legacy code base for Managed WordPress using a compromised password. The malefactor gained access on September 6, 2021, and GoDaddy has been finally blocked the unidentified user.

Top CyberNews November 2021 – Week 4 - An unauthorized third party accessed their provisioning system in GoDaddy's legacy code base for Managed WordPress using a compromised password
1000s of GoDaddy domains breached

It is expected around 1 million user data have been leaked including sFTP and database usernames and passwords, WordPress Admin password, and SSL private key.

Read the latest news on cybersecurity

Previous Post Next Post

Leave a Comment

Recent Posts

  • Top Cyber News April Week 3
  • Top Cyber News April Week 2
  • Data security in cloud computing
  • Cybersecurity For Fintech – Finance Industry
  • Top Cyber News April Week 1

Recent Comments

  1. Vishnu on IEC 62443 – Cybersecurity for Industrial Automation and Control Systems

Archives

  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • June 2020

Categories

  • Blog
  • CyberNews
  • WAF
© Copyright 2020. Anada WordPres Theme By WordPressRiver
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}