#hackers

[ follow ]
#cybersecurity

Salt Typhoon cyberattack: Encrypted messaging apps and other ways to stay safe amid the Chinese telecom hack

The 'Salt Typhoon' cyberattack poses significant risks to telecommunications and the private communications of Americans, linked to Chinese hackers.

Researchers say easy-to-exploit security bugs in ConnectWise remote access software now under mass-attack | TechCrunch

Two easy-to-exploit flaws in ConnectWise ScreenConnect are being mass-exploited by hackers.
Hackers are using the vulnerabilities to deploy ransomware and steal sensitive data.

Microsoft says Russian hackers continue to attackand stole some of its source code

State-sponsored hackers, backed by Russia, continue to target Microsoft's systems and have successfully stolen source code repositories.
Obtaining source code allows hackers to understand software programs, potentially leading to follow-up attacks.

Gang posts links to 'bank information' from Federal Reserve 'hack'

LockBit gang threatens to release claimed Federal Reserve data if demands not met.

AI Helps U.S. Intelligence Track Hackers Targeting Critical Infrastructure

U.S. intelligence authorities are using AI to detect hackers targeting critical infrastructure.
AI is also being used by hackers in their attacks.

Roku hackers breach 15,000 accounts and are selling them online

Hackers gained access to Roku accounts and credit card information through credential stuffing.
Roku has secured compromised accounts and advised users to reset passwords and monitor for unauthorized purchases.

Salt Typhoon cyberattack: Encrypted messaging apps and other ways to stay safe amid the Chinese telecom hack

The 'Salt Typhoon' cyberattack poses significant risks to telecommunications and the private communications of Americans, linked to Chinese hackers.

Researchers say easy-to-exploit security bugs in ConnectWise remote access software now under mass-attack | TechCrunch

Two easy-to-exploit flaws in ConnectWise ScreenConnect are being mass-exploited by hackers.
Hackers are using the vulnerabilities to deploy ransomware and steal sensitive data.

Microsoft says Russian hackers continue to attackand stole some of its source code

State-sponsored hackers, backed by Russia, continue to target Microsoft's systems and have successfully stolen source code repositories.
Obtaining source code allows hackers to understand software programs, potentially leading to follow-up attacks.

Gang posts links to 'bank information' from Federal Reserve 'hack'

LockBit gang threatens to release claimed Federal Reserve data if demands not met.

AI Helps U.S. Intelligence Track Hackers Targeting Critical Infrastructure

U.S. intelligence authorities are using AI to detect hackers targeting critical infrastructure.
AI is also being used by hackers in their attacks.

Roku hackers breach 15,000 accounts and are selling them online

Hackers gained access to Roku accounts and credit card information through credential stuffing.
Roku has secured compromised accounts and advised users to reset passwords and monitor for unauthorized purchases.
morecybersecurity
#data-breach

Hackers got nearly 7 million people's data from 23andMe. The firm blamed users in very dumb' move

Many 23andMe users are concerned about the breach of their genetic data and the potential risks it poses to their privacy and safety.
Two plaintiffs have filed a class action lawsuit against 23andMe, claiming the company failed to adequately notify users of Jewish and Chinese heritage who were allegedly targeted by hackers.

Leading Mobile Banking App Hit by IntelBroker Hackers, Sensitive Data Up for Sale

IntelBroker hacker group claims responsibility for potential cyberattack on mobile banking app
Exploit allows scraping and leaking of sensitive user information

A Huge Cache of Andrew Tate Chat Logs Just Leaked

Hackers breached Andrew Tate's online university, leaking user files and exposing the mindset of his followers.

23andMe's data hack went unnoticed for months

23andMe data breach
Hackers had access to customer accounts for five months

Hackers got nearly 7 million people's data from 23andMe. The firm blamed users in very dumb' move

Many 23andMe users are concerned about the breach of their genetic data and the potential risks it poses to their privacy and safety.
Two plaintiffs have filed a class action lawsuit against 23andMe, claiming the company failed to adequately notify users of Jewish and Chinese heritage who were allegedly targeted by hackers.

Leading Mobile Banking App Hit by IntelBroker Hackers, Sensitive Data Up for Sale

IntelBroker hacker group claims responsibility for potential cyberattack on mobile banking app
Exploit allows scraping and leaking of sensitive user information

A Huge Cache of Andrew Tate Chat Logs Just Leaked

Hackers breached Andrew Tate's online university, leaking user files and exposing the mindset of his followers.

23andMe's data hack went unnoticed for months

23andMe data breach
Hackers had access to customer accounts for five months
moredata-breach
#vulnerability

Microsoft warns of serious vulnerability in Office

Users of Office and Microsoft 365 urged to immediately update to protect against hackers exploiting serious vulnerability.

Apple fixes zero-day bug in Apple Vision Pro that 'may have been exploited' | TechCrunch

Apple releases first security patch for Vision Pro
Patch fixes vulnerability in WebKit that may have been exploited by hackers

Microsoft warns of serious vulnerability in Office

Users of Office and Microsoft 365 urged to immediately update to protect against hackers exploiting serious vulnerability.

Apple fixes zero-day bug in Apple Vision Pro that 'may have been exploited' | TechCrunch

Apple releases first security patch for Vision Pro
Patch fixes vulnerability in WebKit that may have been exploited by hackers
morevulnerability
#network-security

18-year-old browser bug still allows access to internal networks

Browser bug allowing hackers to bypass firewalls on macOS and Linux, posing security threat

Researchers warn suspected China-backed hackers are targeting flaws in Invanti VPN tools

Hackers are actively exploiting vulnerabilities in Ivanti's products, potentially impacting its 40,000 customers.
A Chinese state-backed hacking group is suspected of targeting these vulnerabilities to access companies' networks.

18-year-old browser bug still allows access to internal networks

Browser bug allowing hackers to bypass firewalls on macOS and Linux, posing security threat

Researchers warn suspected China-backed hackers are targeting flaws in Invanti VPN tools

Hackers are actively exploiting vulnerabilities in Ivanti's products, potentially impacting its 40,000 customers.
A Chinese state-backed hacking group is suspected of targeting these vulnerabilities to access companies' networks.
morenetwork-security

Israel-Hamas war cyberattacks are mostly felt by civilians

Cyber conflict consequences primarily affect civilians, not soldiers, in the Israel-Hamas war.
#sql-injection

Facebook PrestaShop module exploited to steal credit cards

Hackers are exploiting a critical flaw in the pkfacebook module for PrestaShop to deploy card skimmers and steal credit card details.

Hackers make millions of attempts to exploit WordPress plugin vulnerability

Hackers are exploiting a severe vulnerability in the WordPress Automatic plugin, allowing complete website takeover.

Facebook PrestaShop module exploited to steal credit cards

Hackers are exploiting a critical flaw in the pkfacebook module for PrestaShop to deploy card skimmers and steal credit card details.

Hackers make millions of attempts to exploit WordPress plugin vulnerability

Hackers are exploiting a severe vulnerability in the WordPress Automatic plugin, allowing complete website takeover.
moresql-injection
#suicide-squad-kill-the-justice-league

Suicide Squad: Kill The Justice League Hackers Are Already Playing As Next Season's Character

Hackers leaked unreleased characters and seasonal content in Suicide Squad: Kill the Justice League.
Warner Bros. and Rocksteady are actively working to remove leaks and spoilers from the internet.
The game's first season faced criticism for its grind-heavy approach and low player numbers on Steam.

Suicide Squad Hackers Break Game To Play As Unreleased Characters

Hackers accessing unreleased characters and skins in Suicide Squad: Kill The Justice League.
WB Games issuing DMCA takedown notices against assets leaked online.

Suicide Squad: Kill The Justice League Hackers Are Already Playing As Next Season's Character

Hackers leaked unreleased characters and seasonal content in Suicide Squad: Kill the Justice League.
Warner Bros. and Rocksteady are actively working to remove leaks and spoilers from the internet.
The game's first season faced criticism for its grind-heavy approach and low player numbers on Steam.

Suicide Squad Hackers Break Game To Play As Unreleased Characters

Hackers accessing unreleased characters and skins in Suicide Squad: Kill The Justice League.
WB Games issuing DMCA takedown notices against assets leaked online.
moresuicide-squad-kill-the-justice-league
#security

PSA: Anyone can tell if you are using WhatsApp on your computer | TechCrunch

A security researcher found that it's possible to determine if a WhatsApp user is using more than just the mobile app.
Knowing the devices a user is using on WhatsApp can provide attackers with information to plot an attack or target users.

Okta Hack: Data Stolen From 'All' Customer Support Users | Entrepreneur

Okta experienced a larger data breach than initially reported.
Hackers stole a report containing names and email addresses of all Okta customer support users.
Okta advises customers to use multi-factor authentication to protect their information.

PlayStation Portal Exploit That Let It Run PSP Games Fixed Due To Hacker Help

An exploit used to run PSP games on PlayStation Portal fixed after hackers reported it
The engineers who discovered the exploit reported it to PlayStation, even though initially not planning to release it publicly

Palworld Devs Are Aware Of The Game's Growing Cheating Epidemic

Palworld is facing issues with cheaters and hackers on its official servers.
The developer, Pocketpair, released a patch to address these issues and improve security.

PSA: Anyone can tell if you are using WhatsApp on your computer | TechCrunch

A security researcher found that it's possible to determine if a WhatsApp user is using more than just the mobile app.
Knowing the devices a user is using on WhatsApp can provide attackers with information to plot an attack or target users.

Okta Hack: Data Stolen From 'All' Customer Support Users | Entrepreneur

Okta experienced a larger data breach than initially reported.
Hackers stole a report containing names and email addresses of all Okta customer support users.
Okta advises customers to use multi-factor authentication to protect their information.

PlayStation Portal Exploit That Let It Run PSP Games Fixed Due To Hacker Help

An exploit used to run PSP games on PlayStation Portal fixed after hackers reported it
The engineers who discovered the exploit reported it to PlayStation, even though initially not planning to release it publicly

Palworld Devs Are Aware Of The Game's Growing Cheating Epidemic

Palworld is facing issues with cheaters and hackers on its official servers.
The developer, Pocketpair, released a patch to address these issues and improve security.
moresecurity
#russia

US charges Russian for allegedly helping GRU spies target Ukrainian government systems with data-destroying malware | TechCrunch

Russian civilian charged with conspiracy to destroy Ukrainian government computer systems.

Ukraine gives award to foreign vigilantes for hacks on Russia

Vigilante hackers received awards from Ukraine's military for cyber-attacks on Russia.
Controversy surrounds the encouragement of civilian hackers by states for cyber-attacks.

US charges Russian for allegedly helping GRU spies target Ukrainian government systems with data-destroying malware | TechCrunch

Russian civilian charged with conspiracy to destroy Ukrainian government computer systems.

Ukraine gives award to foreign vigilantes for hacks on Russia

Vigilante hackers received awards from Ukraine's military for cyber-attacks on Russia.
Controversy surrounds the encouragement of civilian hackers by states for cyber-attacks.
morerussia

"Social engineering" hacks work on chatbots, too

Over 2,200 hackers participated in a challenge testing the security of AI models.
Approximately 15.5% of conversations successfully manipulated AI models to break rules or share sensitive data.

The rise of 'ghost hacking' - hackers are stealing from the dead

Scammers use 'ghost hacking' to target deceased individuals' accounts for scams and theft.
Family members of the deceased can be emotionally manipulated by such scams.

Surprise, this $30 video doorbell has serious security issues

Video doorbells under various brands from the Chinese company Eken have serious security flaws, exposing users' IP address and WiFi network name.
Ownership and control of these doorbells can be easily taken over by hackers via the Aiwit app, potentially compromising users' safety and privacy.

3 million smart toothbrushes were just used in a DDoS attack. Really

Three million smart toothbrushes were hijacked by hackers to launch a DDoS attack, causing millions of euros in damages.
The compromised toothbrushes were running Java, a popular language for IoT devices, and flooded a Swiss website with bogus traffic to knock services offline.

Tether had 'record-breaking' net profits in Q4, Polygon Labs does layoffs and hackers steal $112M of XRP | TechCrunch

Hackers steal $112 million worth of XRP
Tether reports record profit in Q4 2023

Tesla hackers win big at first Pwn2Own automotive hack fest

Researches at the Zero Day Initiative's automotive-focused Pwn2Own event discovered 49 vehicle-related zero day vulnerabilities, receiving over $1.3 million in rewards.
French security outfit Synacktiv won $450,000 for demonstrating six successful exploits, including gaining root access to a Tesla Modem and finding a sandbox escape in Tesla's infotainment system.

SolarWinds hackers attack Microsoft in apparent recon mission | Computer Weekly

Microsoft systems were infiltrated by the Midnight Blizzard hackers, who were also responsible for the SolarWinds attack.
The attackers gained access through a password spraying attack and targeted Microsoft corporate email accounts of senior leadership and employees.

Ledger Exploit Drained $484K, Upended DeFi; Former Staffer Linked to Malicious Code

Hackers stole $484,000 by inserting malicious code into the Github library for Connect Kit
Several major DeFi protocols have been impacted and users are warned to avoid using dApps until they are updated

Genetic testing firm 23andMe admits hackers accessed DNA data of 7m users

Nearly 7 million people have been affected by a security breach at 23andMe that exposed DNA ancestry information.
Hackers accessed personal data of 0.1% of customers, but also had access to files containing profile information of other users.

North Korea-backed hackers target CyberLink users in supply-chain attack | TechCrunch

North Korean state-backed hackers are distributing a malicious version of a legitimate application developed by CyberLink.
Microsoft's Threat Intelligence team has identified the compromise and has taken measures to protect customers.

Security Remains A Real Concern With Real-Time Communication Tools

Collaborative tools like Zoom have security vulnerabilities that can be exploited by hackers.
A vulnerability in Zoom Rooms could have allowed unauthorized access to sensitive information.
Hackers quickly found exploits during the pandemic, including Zoombombing.

CISA Warns of Unitronics PLC Exploitation Following Water Utility Hack

Hackers targeted an industrial control system (ICS) at a water utility in the United States, prompting a cybersecurity agency alert.
A hacktivist group called Cyber Av3ngers, potentially linked to Iran, claimed responsibility for the attack on the insecurely configured Unitronics PLC.
CISA issued recommendations to organizations to protect their PLCs, including changing default passwords and implementing multi-factor authentication.

Hackers Hijack Industrial Control System at US Water Utility

The Municipal Water Authority of Aliquippa in Pennsylvania confirmed a hack on their system, but stated there was no risk to the water supply.
An Iran-linked hacktivist group claimed responsibility for the attack, targeting an Israeli company's industrial control system.
Hacktivist groups often target industrial control systems due to the potential implications of hacking these devices.
#cryptocurrency

Bitcoin, SHIB Trade at 30% Haircut on WazirX as Exploiter Converts Stolen Loot to Ether

The majority of the $230 million stolen from WazirX has been converted into ether, impacting liquidity and token prices.

WazirX, Liminal Custody Blame Each Other as $230M Crypto Exploit Leaves Customers Stranded

WazirX and Liminal Custody blamed each other for the $230 million exploit, leaving users concerned about fund security.

Bitcoin, SHIB Trade at 30% Haircut on WazirX as Exploiter Converts Stolen Loot to Ether

The majority of the $230 million stolen from WazirX has been converted into ether, impacting liquidity and token prices.

WazirX, Liminal Custody Blame Each Other as $230M Crypto Exploit Leaves Customers Stranded

WazirX and Liminal Custody blamed each other for the $230 million exploit, leaving users concerned about fund security.
morecryptocurrency

As many as 165 companies 'potentially exposed' in Snowflake-related attacks, Mandiant says

Data exfiltration attacks target Snowflake customers, impacting 165 organizations.
[ Load more ]