Belarusian ‘Ghostwriter’ Actor Picks Up BitB for Ukraine-Related Attacks
Ghostwriter is one of 3 campaigns using war-themed attacks, with cyber-fire coming in from government-backed actors in China, Iran, North Korea & Russia. [...]
Showing only posts tagged hacks. Show all posts.
Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn
A bug in Honda is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of ‘smart car tech’ and EVs surges. [...]
A Blockchain Primer and a Bored Ape Headscratcher – Podcast
Mystified? Now’s the time to learn about cryptocurrency-associated risks: Listen to KnowBe4’s Dr. Lydia Kostopoulos explain blockchain, NFTs and how to stay safe. [...]
Lapsus$ ‘Back from Vacation’
Lapsus$ added IT giant Globant plus 70GB of leaked data – including admin credentials for scads of customers' DevOps platforms – to its hit list. [...]
Okta Says It Goofed in Handling the Lapsus$ Attack
"We made a mistake," Okta said, owning up to its responsibility for security incidents that hit its service providers and potentially its own customers. [...]
DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector
The supply-chain attack on the U.S. energy sector targeted thousands of computers at hundreds of organizations, including at least one nuclear power plant. [...]
HubSpot Data Breach Ripples Through Crytocurrency Industry
~30 crypto companies were affected, including BlockFi, Swan Bitcoin and NYDIG, providing an uncomfortable reminder about how much data CRM systems snarf up. [...]
Microsoft: Lapsus$ Used Employee Account to Steal Source Code
The data-extortion gang got at Microsoft's Azure DevOps server. Meanwhile, fellow Lapsus$ victim and authentication firm Okta said 2.5 percent of customers were affected in its own Lapsus$ attack. [...]
Lapsus$ Data Kidnappers Claim Snatches From Microsoft, Okta
Lapsus$ shared screenshots of internal Okta systems and 40Gb of purportedly stolen Microsoft data on Bing, Bing Maps and Cortana. [...]
Serpent Backdoor Slithers into Orgs Using Chocolatey Installer
An unusual attack using an open-source Python package installer called Chocolatey, steganography and Scheduled Tasks is stealthily delivering spyware to companies. [...]
Browser-in-the-Browser Attack Makes Phishing Nearly Invisible
Can we trust web browsers to protect us, even if they say “https?” Not with the novel BitB attack, which fakes popup SSO windows to phish away credentials for Google, Facebook and Microsoft, et al. [...]
Facestealer Trojan Hidden in Google Play Plunders Facebook Accounts
The trojanized Craftsart Cartoon Photo Tools app is available in the official Android app store, but it's actually spyware capable of stealing any and all information from victims' social-media accounts. [...]
DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data
A DarkHotel phishing campaign breached luxe hotel networks, including Wynn Palace and the Grand Coloane Resort in Macao, a new report says. [...]
Google Blows Lid Off Conti, Diavol Ransomware Access-Broker Ops
Researchers have exposed the work of Exotic Lily, a full-time cybercriminal initial-access group that uses phishing to infiltrate organizations’ networks for further malicious activity. [...]
APT41 Spies Broke Into 6 US State Networks via a Livestock App
The China-affiliated state-sponsored threat actor used Log4j and zero-day bugs in the USAHerds animal-tracking software to hack into multiple government networks. [...]
Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak
The move comes just a week after GPU-maker NVIDIA was hit by Lapsus$ and every employee credential was leaked. [...]
Russia Leaks Data From a Thousand Cuts–Podcast
It’s not just Ukraine: There's a flood of intel on Russian military, nukes and crooks, says dark-web intel expert Vinny Troia, even with the Conti ransomware gang shuttering its leaking Jabber chat server. [...]
Ukraine-Russia Cyber Warzone Splits Cyber Underground
A pro-Ukraine Conti member spilled 13 months of the ransomware group's chats, while cyber actors are rushing to align with both sides. [...]
Toyota to Close Japan Plants After Suspected Cyberattack
The plants will shut down on Tuesday, halting about a third of the company’s global production. Toyota doesn’t know how long the 14 plants will be unplugged. [...]
White House Denies Mulling Massive Cyberattacks Against Russia
The options reportedly included tampering with trains, electric service and internet connectivity, hampering Russia's military operations in Ukraine. [...]
The Art of Non-boring Cybersec Training–Podcast
With human error being the common factor in most cyberattacks, employee training has got to get better. To that end, Trustwave cybersec training expert Darren Van Booven explains the importance of fish stress balls and management buy-in. [...]
Sextortion Rears Its Ugly Head Again
Attackers are sending email blasts with malware links in embedded PDFs as a way to evade email filters, lying about having fictional "video evidence." [...]
NFT Investors Lose $1.7M in OpenSea Phishing Attack
Attackers took advantage of a smart-contract migration to swindle 17 users. [...]
Iranian State Broadcaster Clobbered by ‘Clumsy, Buggy’ Code
Researchers said a Jan. 27 attack that aired footage of opposition leaders calling for assassination of Iran’s Supreme Leader was a clumsy and unsophisticated wiper attack. [...]
Ukrainian DDoS Attacks Should Put US on Notice–Researchers
On Tuesday, institutions central to Ukraine’s military and economy were hit with denial-of-service (DoS) attacks. Impact was limited, but the ramifications are not. [...]
« newer articles | page 3 | older articles »