GreyKeep Security

Expert security for an evolving digital age

News

Cybersecurity Daily: August 17, 2023

· ·

GreyKeep Security Cybersecurity Daily News

Your daily dose of relevant cybersecurity advisories, industry news, and product updates for August 17, 2023.

Advisories

[Read more…] about Cybersecurity Daily: August 17, 2023

Researchers Report Increase in LinkedIn Account Hijacking Attacks

· ·

LinkedIn logo on bicycle
Photo by Greg Bulla

Researchers at Cyberint have reported a significant increase in online discussions pertaining to LinkedIn account hacking. Users have reported cases of accounts being locked, hijacked, or permanently deleted. In some instances, attackers are asking for ransom payments to recover the compromised accounts.

[Read more…] about Researchers Report Increase in LinkedIn Account Hijacking Attacks

Discord.io Temporarily Shuts Down Following Data Breach

· ·

Discord.io data breach
Photo by Alexander Shatov

The Discord.io custom invite service has temporarily shut down following a data breach that exposed information for 760K users. While not an official Discord site, the third-party service allowed visitors to search for Discord servers based on content and for server owners to create custom invites to their channels.

On August 13, a hacker known as ‘Akhirah’ began selling the Discord.io database on the Breached hacking forums. According to the hacker, the database contains information for 760,000 members, including usernames, Discord IDs, email addresses, and billing addresses among other details.

The breach is believed to have been caused by a vulnerability in the Discord.io website that provided access to the database. The site recommends that users who joined before 2018 update their password if shared with other websites.

Microsoft Now Enabling Windows Kernel Fix for All Users

· ·

Microsoft Windows kernel vulnerability
Photo by Tadas Sar

Microsoft has enabled a fix for a kernel disclosure vulnerability (CVE-2023-32019) that it had disabled in previous Windows updates. The vulnerability, discovered by Mateusz Jurczyk of Google Project Zero, allows an attacker to access the memory of privileged processes to obtain potentially sensitive information.

Microsoft previously provided instructions for administrators to enable the fix by manually editing the Windows registry, noting the “resolution described in this article introduces a potential breaking change.” The warning led to uncertainty for many administrators who held out on deploying the fix out of concern that it would interfere with their Windows installations.

Microsoft has enabled the fix by default in Windows updates wince August 8, 2023.

Cybersecurity Daily: August 15, 2023

· ·

GreyKeep Cybersecurity Daily News

Your daily dose of relevant cybersecurity advisories, industry news, and product updates for Tuesday, August 15, 2023.

Advisories

[Read more…] about Cybersecurity Daily: August 15, 2023

How can we help you become more secure? Contact Us