Firefox Vulnerability Leads to Crash
A new denial-of-service (DoS) attack has been created with the ability to cause desktop versions of the browser Firefox to freeze or crash. Upon visiting sites where the malicious script is present, the user’s browser forces download requests for a massive junk file that can cause the IPC channel for the browser to crash. Luckily, the researcher who created the attack method has contacted Mozilla about the issue, and there’s hope for a swift resolution.
Kodi Media Player Used to Spread Malware
Nearly 5,000 computers were recently compromised with cryptomining malware that was silently distributed either through malicious builds of the Kodi media player or from third-party add-ons used to enhance the player. Most of the infected computers were found to be mining for Monero and have already mined around $6,700 since the beginning of the campaign. When obtaining these types of add-ons, its best to visit official repositories rather than third-parties, as they tend to be more discerning of content they are hosting.
Online Fashion Retailer Breached
SHEIN has revealed a data breach from June that they themselves only discovered within the last month. Nearly 6.5 million customers could be affected, as the systems storing login credentials were compromised in the attack, the company stated in a recent press release. Fortunately for those customers, the company says they do not store payment data so a simple password change should be sufficient to protect their clients.
Scottish Brewery Hit by Ransomware
After publishing a job opening to their own site, Arran Brewery was able to successfully fill the needed position. Unfortunately for the Scottish brewery, attackers posted that listing on several international recruiting sites and received dozens of applications including documents embedded with ransomware, resulting in the company being locked out of crucial systems and a ransom demand of two Bitcoins. Arran Brewery opted to restore their systems from offsite backups rather than pay the ransom, but lost up to three months of data due to outdated backups.
DoorDash Customers Complain About Hacked Accounts
Several dozen people have contacted DoorDash regarding fraudulent orders placed on their accounts. DoorDash’s was confident they were not to blame for the breach, instead blaming “credential stuffing,” a tactic where attackers try using previous breach data from other sites hoping the same password was used multiple times. The company says it has no plans to implement further security measures such as two-factor authentication.