Enlarge / Dmitry Yuryevich Khoroshev, aka LockBitSupp (credit: UK National Crime Agency) Since at least 2019, a shadowy figure hiding behind several pseudonyms has publicly gloated for extorting millions of dollars from thousands of victims he and his associates had hacked. Now, for the first time, “LockBitSupp” has been unmasked …

Enlarge (credit: Getty Images) Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. TunnelVision, as the researchers have named their attack, largely …

Enlarge (credit: Getty Images) Translating numerical IP addresses into human-readable domain names has long been fraught with gaping security risks. After all, lookups are rarely end-to-end encrypted. The servers providing domain name lookups provide translations for virtually any IP address—even when they’re known to be malicious. And …

Enlarge A maximum severity vulnerability that allows hackers to hijack GitLab accounts with no user interaction required is now under active exploitation, federal government officials warned as data showed that thousands of users had yet to install a patch released in January. A change GitLab implemented in May 2023 …

Enlarge (credit: Aurich Lawson / Ars Technica ) Cybercriminals and spies working for nation-states are surreptitiously coexisting inside compromised name-brand routers as they use the devices to disguise attacks motivated both by financial gain and strategic espionage, researchers said. In some cases, the coexistence is peaceful, as financially motivated hackers provide …

Enlarge (credit: Getty Images) Change Healthcare, the health care services provider that recently experienced a ransomware attack that hamstrung the US prescription market for two weeks, was hacked through a compromised account that failed to use multifactor authentication, the company CEO told members of Congress. The February 21 attack …

Enlarge (credit: Getty Images) Authentication service Okta is warning about the “unprecedented scale” of an ongoing campaign that routes fraudulent login requests through the mobile devices and browsers of everyday users in an attempt to conceal the malicious behavior. The attack, Okta said, uses other means to camouflage the …

Enlarge (credit: Getty Images) Hackers are assailing websites using a prominent WordPress plugin with millions of attempts to exploit a high-severity vulnerability that allows complete takeover, researchers said. The vulnerability resides in WordPress Automatic, a plugin with more than 38,000 paying customers. Websites running the WordPress content management …

Enlarge (credit: Getty Images) A now-abandoned USB worm that backdoors connected devices has continued to self-replicate for years since its creators lost control of it and remains active on thousands, possibly millions, of machines, researchers said Thursday. The worm—which first came to light in a 2023 post published …

Enlarge (credit: Getty Images ) Hackers backed by a powerful nation-state have been exploiting two zero-day vulnerabilities in Cisco firewalls in a five-month-long campaign that breaks into government networks around the world, researchers reported Wednesday. The attacks against Cisco’s Adaptive Security Appliances firewalls are the latest in a rash …

Enlarge (credit: Getty Images) Hackers abused an antivirus service for five years in order to infect end users with malware. The attack worked because the service delivered updates over HTTP, a protocol vulnerable to attacks that corrupt or tamper with data as it travels over the Internet. The unknown …

Enlarge (credit: Getty Images) Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attacks that targeted a vast array of organizations with a previously undocumented tool, the software maker disclosed Monday. When Microsoft patched the vulnerability in October 2022—at least two years after it …

Enlarge (credit: Getty Images) Password-manager LastPass users were recently targeted by a convincing phishing campaign that used a combination of email, SMS, and voice calls to trick targets into divulging their master passwords, company officials said. The attackers used an advanced phishing-as-a-service kit discovered in February by researchers from …

Enlarge (credit: da-kuk/Getty ) Kremlin-backed actors have stepped up efforts to interfere with the US presidential election by planting disinformation and false narratives on social media and fake news sites, analysts with Microsoft reported Wednesday. The analysts have identified several unique influence-peddling groups affiliated with the Russian government seeking …

Enlarge (credit: Matejmo | Getty Images) Cisco’s Talos security team is warning of a large-scale credential compromise campaign that’s indiscriminately assailing networks with login attempts aimed at gaining unauthorized access to VPN, SSH, and web application accounts. The login attempts use both generic usernames and valid usernames targeted …

Enlarge (credit: Getty Images) Federal prosecutors indicted a Nebraska man on charges he perpetrated a cryptojacking scheme that defrauded two cloud providers—one based in Seattle and the other in Redmond, Washington—out of $3.5 million. The indictment, filed in US District Court for the Eastern District of …

Enlarge (credit: Getty Images ) Highly capable hackers are rooting multiple corporate networks by exploiting a maximum-severity zero-day vulnerability in a firewall product from Palo Alto Networks, researchers said Friday. The vulnerability, which has been under active exploitation for at least two weeks now, allows the hackers with no authentication …

Enlarge (credit: Intel) Hardware sold for years by the likes of Intel and Lenovo contains a remotely exploitable vulnerability that will never be fixed. The cause: a supply chain snafu involving an open source software package and hardware from multiple manufacturers that directly or indirectly incorporated it into their …

Enlarge (credit: Getty Images) AT&T is notifying millions of current or former customers that their account data has been compromised and published last month on the dark web. Just how many millions, the company isn't saying. In a mandatory filing with the Maine Attorney General’s office, the …

Enlarge (credit: Getty Images) As many as 91,000 LG TVs face the risk of being commandeered unless they receive a just-released security update patching four critical vulnerabilities discovered late last year. The vulnerabilities are found in four LG TV models that collectively comprise slightly more than 88,000 …

Enlarge (credit: Getty Images) Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer network-attached storage devices manufactured by D-Link, researchers said Monday. Roughly 92,000 devices are vulnerable to the remote takeover exploits, which can be remotely transmitted by sending malicious commands through simple HTTP …

Enlarge / Downtown Kansas City, Missouri, which is part of Jackson County. (credit: Eric Rogers ) Jackson County, Missouri, has declared a state of emergency and closed key offices indefinitely as it responds to what officials believe is a ransomware attack that has made some of its IT systems inoperable. "Jackson …

Enlarge (credit: Getty Images) On Friday, a lone Microsoft developer rocked the world when he revealed a backdoor had been intentionally planted in xz Utils, an open source data compression utility available on almost all installations of Linux and other Unix-like operating systems. The person or people behind this …

Enlarge / Internet Backdoor in a string of binary code in a shape of an eye. (credit: Getty Images) Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian. The compression utility, known as …

Enlarge / Internet Backdoor in a string of binary code in a shape of an eye. (credit: Getty Images) Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian. The compression utility, known as …