FYI Russia is totally hacking the West’s labs in search of COVID-19 vaccine files, say UK, US, Canada cyber-spies. So is China and Iran.

Russian hackers at the state’s FSB spy agency have been caught breaking into Western institutions working on potential vaccines for the COVID-19 coronavirus in hope of stealing said research. That’s according to the British National Cyber Security Centre and America’s NSA today. The Kremlin-backed APT29 crew, also known by a variety of other names such […]

Secret Trump order gives CIA more powers to launch cyberattacks with less oversight

The Central Intelligence Agency has conducted a series of covert cyber operations against Iran and other targets since winning a secret victory in 2018 when President Trump signed what amounts to a sweeping authorization for such activities, according to former U.S. officials with direct knowledge of the matter. The secret authorization, known as a presidential […]

Twitter says hack of key staff led to celebrity, politician, biz account hijack mega-spree

Twitter has offered its initial analysis of the Wednesday mass hijacking of prominent twits’ accounts – and suggested it all kicked off after its staff fell for social engineering. Judging from leaked screenshots of Twitter’s internal systems circulating online and seen by El Reg, it appears one or more miscreants were able to gain direct […]

Guilty: Russian miscreant who hacked LinkedIn, Dropbox, Formspring, stole 200-million-plus account records

The Russian hacker accused of raiding LinkedIn, Dropbox and Formspring, and obtaining data on 213 million user accounts, has been found guilty. On Friday, Yevgeniy Nikulin was convicted [PDF] by a San Francisco jury of committing computer intrusion, data theft, and other charges [PDF] relating to the databases he broke into and siphoned off in […]

Collabera hacked: IT staffing’n’services giant hit by ransomware, employee personal data stolen

Hackers infiltrated Collabera, siphoned off at least some employees’ personal information, and infected the US-based IT consultancy giant’s systems with ransomware. We understand this swiped data included workers’ names, addresses, contact and social security numbers, dates of birth, employment benefits, and passport and immigration visa details. Basically, everything needed for identity theft. The recruitment’n’staffing biz, […]

‘BlueLeaks’ Exposes Files, personal and banking details, emails from Hundreds of Police Departments spanning 24 years

Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals. The collection — nearly 270 […]

Super secretive Russian disinfo operation discovered dating back to 2014

Social media research group Graphika published today a 120-page report [PDF] unmasking a new Russian information operation of which very little has been known so far. Codenamed Secondary Infektion, the group is different from the Internet Research Agency (IRA), the Sankt Petersburg company (troll farm) that has interfered in the US 2016 presidential election. Graphika […]

From the crew behind the Sony Pictures hack comes Operation Interception: An aerospace cyber-attack thriller

Threat intel researchers have uncovered a phishing and malware campaign that targeted “a large European aerospace company” and which was run by the same North Koreans behind the hack of Sony Pictures. While there are quite a few European aerospace firms, Slovakian infosec biz ESET was more concerned with the phishing ‘n’ malware campaign it […]

Spies Can Eavesdrop by Watching a Light Bulb’s Vibrations

The list of sophisticated eavesdropping techniques has grown steadily over years: wiretaps, hacked phones, bugs in the wall—even bouncing lasers off of a building’s glass to pick up conversations inside. Now add another tool for audio spies: Any light bulb in a room that might be visible from a window. Researchers from Israel’s Ben-Gurion University […]

Obscure Indian cyber firm spied on politicians, investors worldwide

New Delhi-based BellTroX InfoTech Services targeted government officials in Europe, gambling tycoons in the Bahamas, and well-known investors in the United States including private equity giant KKR and short seller Muddy Waters, according to three former employees, outside researchers, and a trail of online evidence. Aspects of BellTroX’s hacking spree aimed at American targets are […]

It wasn’t just a few credit cards: Entire travel itineraries were stolen by hackers, Easyjet now tells victims

Victims of the Easyjet hack are now being told their entire travel itineraries were accessed by hackers who helped themselves to nine million people’s personal details stored by the budget airline. As reported earlier this week, the data was stolen from the airline between October 2019 and January this year. Easyjet kept quiet about the […]

The Unattributable “db8151dd” Data Breach with 22M people in it turns out to be Covve hack

I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer. It’s about a data breach with almost 90GB of personal information in it across tens of millions of records – including mine. Here’s what I know: Back in Feb, Dehashed reached […]

Supercomputers hacked across Europe to mine cryptocurrency

Multiple supercomputers across Europe have been infected this week with cryptocurrency mining malware and have shut down to investigate the intrusions. Security incidents have been reported in the UK, Germany, and Switzerland, while a similar intrusion is rumored to have also happened at a high-performance computing center located in Spain. The first report of an […]

Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’

Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact details, and other information belonging to superstars, including Madonna, Christina Aguilera, Sir Elton John, Run DMC, Bruce Springsteen, […]

PrintDemon vulnerability impacts all Windows versions | ZDNet

Two security researchers have published today details about a vulnerability in the Windows printing service that they say impacts all Windows versions going back to Windows NT 4, released in 1996. The vulnerability, which they codenamed PrintDemon, is located in Windows Print Spooler, the primary Windows component responsible for managing print operations. The service can […]

5 minutes with a Thunderbolt machine leaves it completely open using Thunderspy – evil maids don’t need much knowledge

Thunderspy targets devices with a Thunderbolt port. If your computer has such a port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep. Thunderspy is stealth, meaning that you cannot find any traces […]

Hackers hide web skimmer behind a website’s favicon

A hacker group created a fake icons hosting website in order to disguise malicious code meant to steal payment card data from hacked websites. The operation is what security researchers refer to these days as a web skimming, e-skimming, or a Magecart attack. Hackers breach websites and then hide malicious code on its pages, code […]

Details of 44m Pakistani mobile users leaked online, part of bigger 115m cache

The details of 44 million Pakistani mobile subscribers have leaked online this week, ZDNet has learned. The leak comes after a hacker tried to sell a package containing 115 million Pakistani mobile user records last month for a price of $2.1 million in bitcoin. ZDNet has obtained copies of both data sets. We received the […]

Trolls, bots flooding social media with anti-quarantine disinformation

Christopher Bouzy, the founder of bot tracking platform Bot Sentinel, conducted a Twitter analysis for Business Insider and found bots and trolls are using hashtags like #ReOpenNC, #ReopenAmericaNow, #StopTheMadness, #ENDTHESHUTDOWN, and #OperationGridlock to spread disinformation. According to Bouzy, the bots and trolls are spreading conspiracy theories about Democrats wanting to hurt the economy to make […]

How Spies Snuck Malware Into the Google Play Store—Again and Again: by upgrading a vetted app

At a remote virtual version of its annual Security Analyst Summit, researchers from the Russian security firm Kaspersky today plan to present research about a hacking campaign they call PhantomLance, in which spies hid malware in the Play Store to target users in Vietnam, Bangladesh, Indonesia, and India. Unlike most of the shady apps found […]

Facebook Accuses NSO Group of Using U.S. Servers for Spying, infecting phones via WhatsApp

In a filing released on Thursday in federal court in Oakland, California, lawyers representing the social media giant alleged that NSO Group had used a network of remote servers in California to hack into phones and devices that were used by attorneys, journalists, human rights activists, government officials and others. NSO Group has argued that […]

Bad news: Cognizant hit by ransomware Maze, which leaks customers’ data online after non-payment

New Jersey IT services provider Cognizant has confirmed it is the latest victim of the Maze ransomware. The infection was disclosed to the public this weekend. Cognizant said the malware outbreak will likely disrupt service for some of its customers, and possibly put them in danger as well. Maze is unusual among ransomware strains in […]

Medical Device ‘Jailbreak’ Could Help Solve the Dangerous Shortage of Ventilators

Security researcher Trammell Hudson analyzed the AirSense 10 — the world’s most widely used CPAP — and made a startling discovery. Although its manufacturer says the AirSense 10 would require “significant rework to function as a ventilator,” many ventilator functions were already built into the device firmware. Its manufacturer, ResMed, says the $700 device solely […]

China’s Winnti group stayed under the radar for a decade by aiming for Linux servers

A group of hackers operating as an offshoot of China’s Winnti group managed to stay undetected for more than a decade by going open source. A report from BlackBerry outlines how the group, actually a collection of five smaller crews of hackers thought to be state-sponsored, assembled in the wake of Winnti and exploited Linux […]

A hacker has wiped, defaced more than 15,000 Elasticsearch servers

For the past two weeks, a hacker has been breaking into Elasticsearch servers that have been left open on the internet without a password and attempting to wipe their content, while also leaving the name of a cyber-security firm behind, trying to divert blame. According to security researcher John Wethington, one of the people who […]