The last quarter of this year starts with alarming cyber news. Given the sensitivity of the data in daily use, every business must keep adapting its cybersecurity.
Twitch’s source code leaked
Twitch’s source code was posted as a 125GB torrent link on 4chan by an anonymous user, including comments going back to its inception and more. An attacker claims to have ransacked Twitch for everything it has, including all of its source code and user-payout information.

On 6th October, Twitch posted a tweet confirming the leak. The leaked data includes user information, payout amounts, source code, proprietary services, and more. According to VGC, all of Twitch’s source code was leaked, including comment history “going back to its early beginnings.”
Source: Threatpost

MyBB CAPTCHA-breaking bug
MyBB is warning users that the latest version of the software has introduced a CAPTCHA-breaking bug that could impact forum functionality. The MyBB team said that validation attempts made through the CAPTCHAs, when implemented on a forum, may “appear broken and the verification can reject or accept attempts incorrectly”.

The cause of the issue, opened on GitHub, was that the wrong template and handlers were introduced for the CAPTCHAs. “After upgrading, validation errors will continue to be logged, but messages with problematic MyCode will not be displayed to prevent potential XSS attacks against your forums,” the developers say.
Source: Portswigger
LockBit ransomware variant
The Health Sector Cybersecurity Coordination Center released a threat briefing about LockBit, a ransomware group that has recently debuted a new variant. “Threat actors continue to view unpatched systems as an easy, if not preferred, method of intrusion,” wrote officials from the cybersecurity arm of the U.S. Department of Health and Human Services in its brief.
HC3 uses a double extortion technique via StealBit malware. It includes faster encryption and bypasses user account control mechanisms.

LockBit was launched in September 2020 and was advertised as Ransomware as a Service (RaaS) in January 2021. The same group was behind the Accenture ransomware attack, in which Accenture faced a ransom of $50 million.
Source: Todaynewspost