#hackers
#hackers

Roku hackers breach 15,000 accounts and are selling them online

Hackers gained access to Roku accounts and credit card information through credential stuffing.

Roku has secured compromised accounts and advised users to reset passwords and monitor for unauthorized purchases. [ more ]

www.theguardian.com

Hackers got nearly 7 million people's data from 23andMe. The firm blamed users in very dumb' move

Many 23andMe users are concerned about the breach of their genetic data and the potential risks it poses to their privacy and safety.

Two plaintiffs have filed a class action lawsuit against 23andMe, claiming the company failed to adequately notify users of Jewish and Chinese heritage who were allegedly targeted by hackers. [ more ]

Databreaches

Leading Mobile Banking App Hit by IntelBroker Hackers, Sensitive Data Up for Sale

IntelBroker hacker group claims responsibility for potential cyberattack on mobile banking app

Exploit allows scraping and leaking of sensitive user information [ more ]

Databreaches

23andMe's data hack went unnoticed for months

23andMe data breach

Hackers had access to customer accounts for five months [ more ]

GameSpot

PlayStation Portal Exploit That Let It Run PSP Games Fixed Due To Hacker Help

An exploit used to run PSP games on PlayStation Portal fixed after hackers reported it

The engineers who discovered the exploit reported it to PlayStation, even though initially not planning to release it publicly [ more ]

Kotaku

Video games

Palworld Devs Are Aware Of The Game's Growing Cheating Epidemic

Palworld is facing issues with cheaters and hackers on its official servers.

The developer, Pocketpair, released a patch to address these issues and improve security. [ more ]

TechCrunch

PSA: Anyone can tell if you are using WhatsApp on your computer | TechCrunch

A security researcher found that it's possible to determine if a WhatsApp user is using more than just the mobile app.

Knowing the devices a user is using on WhatsApp can provide attackers with information to plot an attack or target users. [ more ]

Entrepreneur

Okta Hack: Data Stolen From 'All' Customer Support Users | Entrepreneur

Okta experienced a larger data breach than initially reported.

Hackers stole a report containing names and email addresses of all Okta customer support users.

Okta advises customers to use multi-factor authentication to protect their information. [ more ]

moresecurity

Fast Company

3 days ago

Israel-Hamas war cyberattacks are mostly felt by civilians

Cyber conflict consequences primarily affect civilians, not soldiers, in the Israel-Hamas war. [ more ]

WIRED

8 hours ago

A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities

The Cyber Army of Russia hyped its hacking for domestic audience, unlike other Russian hacker groups who tend to lay low after exposure. [ more ]

Ars Technica

1 week ago

Hackers make millions of attempts to exploit WordPress plugin vulnerability

Hackers are exploiting a severe vulnerability in the WordPress Automatic plugin, allowing complete website takeover. [ more ]

Fast Company

1 week ago

Be careful where you upload files: Cybersecurity researchers highlight a new ransomware threat to browsers

Uploading files online can also lead to ransomware attacks due to modern browsers' capabilities to interact with local file systems. [ more ]

Tripwire

1 week ago

"Junk gun" ransomware: the cheap new threat to small businesses

Cheap, unsophisticated ransomware like 'junk gun' poses a serious threat to organizations, despite not making headlines like other advanced variants. [ more ]

TechCrunch

NSA says it's tracking Ivanti cyberattacks as hackers hit US defense sector | TechCrunch

Hackers targeted U.S. defense sector via Ivanti VPN flaws

Mandiant identified Chinese espionage hackers exploiting Ivanti Connect Secure vulnerabilities. [ more ]

Kotaku

Video games

Suicide Squad Hackers Break Game To Play As Unreleased Characters

Hackers accessing unreleased characters and skins in Suicide Squad: Kill The Justice League.

WB Games issuing DMCA takedown notices against assets leaked online. [ more ]

GameSpot

Video games

Suicide Squad: Kill The Justice League Hackers Are Already Playing As Next Season's Character

Hackers leaked unreleased characters and seasonal content in Suicide Squad: Kill the Justice League.

Warner Bros. and Rocksteady are actively working to remove leaks and spoilers from the internet.

The game's first season faced criticism for its grind-heavy approach and low player numbers on Steam. [ more ]

BBC News

Europe news

Ukraine gives award to foreign vigilantes for hacks on Russia

Vigilante hackers received awards from Ukraine's military for cyber-attacks on Russia.

Controversy surrounds the encouragement of civilian hackers by states for cyber-attacks. [ more ]

Axios

Data science

"Social engineering" hacks work on chatbots, too

Over 2,200 hackers participated in a challenge testing the security of AI models.

Approximately 15.5% of conversations successfully manipulated AI models to break rules or share sensitive data. [ more ]

Mail Online

The rise of 'ghost hacking' - hackers are stealing from the dead

Scammers use 'ghost hacking' to target deceased individuals' accounts for scams and theft.

Family members of the deceased can be emotionally manipulated by such scams. [ more ]

www.fastcompany.com

Microsoft says Russian hackers continue to attackand stole some of its source code

State-sponsored hackers, backed by Russia, continue to target Microsoft's systems and have successfully stolen source code repositories.

Obtaining source code allows hackers to understand software programs, potentially leading to follow-up attacks. [ more ]

Axios

Stolen passwords are a hacker goldmine now

Hackers use stolen user accounts to exfiltrate data, making detection harder.

Increase in attacks relying on valid login credentials seen by IBM and CrowdStrike. [ more ]

TechCrunch

Researchers say easy-to-exploit security bugs in ConnectWise remote access software now under mass-attack | TechCrunch

Two easy-to-exploit flaws in ConnectWise ScreenConnect are being mass-exploited by hackers.

Hackers are using the vulnerabilities to deploy ransomware and steal sensitive data. [ more ]

ZDNET

3 million smart toothbrushes were just used in a DDoS attack. Really

Three million smart toothbrushes were hijacked by hackers to launch a DDoS attack, causing millions of euros in damages.

The compromised toothbrushes were running Java, a popular language for IoT devices, and flooded a Swiss website with bogus traffic to knock services offline. [ more ]

Theregister

morePrivacy professionals

Tesla hackers win big at first Pwn2Own automotive hack fest

Researches at the Zero Day Initiative's automotive-focused Pwn2Own event discovered 49 vehicle-related zero day vulnerabilities, receiving over $1.3 million in rewards.

French security outfit Synacktiv won $450,000 for demonstrating six successful exploits, including gaining root access to a Tesla Modem and finding a sandbox escape in Tesla's infotainment system. [ more ]

Engadget

Digital life

Surprise, this $30 video doorbell has serious security issues

Video doorbells under various brands from the Chinese company Eken have serious security flaws, exposing users' IP address and WiFi network name.

Ownership and control of these doorbells can be easily taken over by hackers via the Aiwit app, potentially compromising users' safety and privacy. [ more ]

Axios

Web development

Enterprise browsers could bring 2024's next security boost

Enterprise browsers provide a balance between IT control and employee flexibility.

Browsers are increasingly targeted by hackers for stealing sensitive information. [ more ]

The Verge

Microsoft and OpenAI say hackers are using ChatGPT to improve cyberattacks

Hackers are using large language models like ChatGPT to refine and improve their cyberattacks.

Nation-backed groups from Russia, North Korea, Iran, and China are utilizing language models for research, scripting, and phishing emails. [ more ]

Nextgov.com

White House to release memory-safe code guidance in coming weeks

The White House's main cybersecurity directorate will release a paper on memory-safe software development to encourage adoption of secure coding practices.

National Cyber Director Harry Coker highlighted memory safety bugs as dangerous vulnerabilities that developers have been slow to address. [ more ]

TechCrunch

Cryptocurrency

Tether had 'record-breaking' net profits in Q4, Polygon Labs does layoffs and hackers steal $112M of XRP | TechCrunch

Hackers steal $112 million worth of XRP

Tether reports record profit in Q4 2023 [ more ]

TechCrunch

Apple fixes zero-day bug in Apple Vision Pro that 'may have been exploited' | TechCrunch

Apple releases first security patch for Vision Pro

Patch fixes vulnerability in WebKit that may have been exploited by hackers [ more ]

ComputerWeekly.com

SolarWinds hackers attack Microsoft in apparent recon mission | Computer Weekly

Microsoft systems were infiltrated by the Midnight Blizzard hackers, who were also responsible for the SolarWinds attack.

The attackers gained access through a password spraying attack and targeted Microsoft corporate email accounts of senior leadership and employees. [ more ]

Axios

Researchers warn suspected China-backed hackers are targeting flaws in Invanti VPN tools

Hackers are actively exploiting vulnerabilities in Ivanti's products, potentially impacting its 40,000 customers.

A Chinese state-backed hacking group is suspected of targeting these vulnerabilities to access companies' networks. [ more ]

WSJ

Artificial intelligence

AI Helps U.S. Intelligence Track Hackers Targeting Critical Infrastructure

U.S. intelligence authorities are using AI to detect hackers targeting critical infrastructure.

AI is also being used by hackers in their attacks. [ more ]

Entrepreneur

Artificial intelligence

Google Sues Hackers Over Fake Bard AI Ads, Malware Scams | Entrepreneur

Google is suing hackers who posted fake advertisements for its AI tool to steal social media accounts.

The hackers used fake attachments to distribute malware and hack into social media accounts of those who downloaded them.

This is the first major lawsuit of its kind to protect users of an AI product against cybercriminals and hackers. [ more ]

Coindesk

4 months ago

Web design

Ledger Exploit Drained $484K, Upended DeFi; Former Staffer Linked to Malicious Code

Hackers stole $484,000 by inserting malicious code into the Github library for Connect Kit

Several major DeFi protocols have been impacted and users are warned to avoid using dApps until they are updated [ more ]

www.theguardian.com

Genetic testing firm 23andMe admits hackers accessed DNA data of 7m users

Nearly 7 million people have been affected by a security breach at 23andMe that exposed DNA ancestry information.

Hackers accessed personal data of 0.1% of customers, but also had access to files containing profile information of other users. [ more ]

TechCrunch

North Korea-backed hackers target CyberLink users in supply-chain attack | TechCrunch

North Korean state-backed hackers are distributing a malicious version of a legitimate application developed by CyberLink.

Microsoft's Threat Intelligence team has identified the compromise and has taken measures to protect customers. [ more ]

Forbes

Security Remains A Real Concern With Real-Time Communication Tools

Collaborative tools like Zoom have security vulnerabilities that can be exploited by hackers.

A vulnerability in Zoom Rooms could have allowed unauthorized access to sensitive information.

Hackers quickly found exploits during the pandemic, including Zoombombing. [ more ]

SecurityWeek

CISA Warns of Unitronics PLC Exploitation Following Water Utility Hack

Hackers targeted an industrial control system (ICS) at a water utility in the United States, prompting a cybersecurity agency alert.

A hacktivist group called Cyber Av3ngers, potentially linked to Iran, claimed responsibility for the attack on the insecurely configured Unitronics PLC.

CISA issued recommendations to organizations to protect their PLCs, including changing default passwords and implementing multi-factor authentication. [ more ]

SecurityWeek

Hackers Hijack Industrial Control System at US Water Utility

The Municipal Water Authority of Aliquippa in Pennsylvania confirmed a hack on their system, but stated there was no risk to the water supply.

An Iran-linked hacktivist group claimed responsibility for the attack, targeting an Israeli company's industrial control system.

Hacktivist groups often target industrial control systems due to the potential implications of hacking these devices. [ more ]

TechCrunch