A zero-day exploit of Google account security was first teased by a cybercriminal known as “PRISMA” in October 2023, boasting that the technique could be used to log back into a victim’s account even after the password is changed. It can also be used to generate new session tokens to regain access to victims’ emails, Read more about Google password resets not enough to stop malware that recreates login tokens[…]
Facing more than 30 lawsuits from victims of its massive data breach, 23andMe is now deflecting the blame to the victims themselves in an attempt to absolve itself from any responsibility, according to a letter sent to a group of victims seen by TechCrunch. “Rather than acknowledge its role in this data security disaster, 23andMe Read more about 23andMe tells victims it’s their fault that their data was breached. DNA data, it turns out, is extremely sensitive![…]
[…] In 2014, the largest cryptocurrency exchange in the world, Mt. Gox, suffered a notorious hack that stole 850,000 Bitcoins from the platform. Victims are finally starting to get their money back on Tuesday, nearly 10 years later. However, some are reporting Mt. Gox accidentally sent “double payments” and the trustees are asking for some Read more about Mt. Gox Victims Report ‘Double Repayments’ From 2014 Bitcoin Hack[…]
The parent company that owns a controlling stake in Paramount, CBS, and thousands of theaters across the U.S. got hacked late last year, but it took them a full trip around the sun to let any of the tens of thousands of impacted customers know that their data was potentially compromised. The massive entertainment conglomerate Read more about Paramount Parent Was Hacked Christmas 2022, Told Customers a Year Later[…]
You’ve got to love a project with amazing elements of both art and science. Nissan 300ZX enthusiast and talented tinkerer Kelvin Elsner has been working on this custom vaporwave-aesthetic digital gauge cluster for months. It’s not in a car yet, but it’s an amazing design and computer coding feat for one guy in his home Read more about Nissan 300ZX Owner Turns Ford Digital Dash Into Wicked Retro Display – why don’t all automakers allow digital dash theming?![…]
A team of researchers from the ASSET Research Group in Singapore have published the details of a collection of vulnerabilities in the fifth generation mobile communication system (5G) used with smartphones and many other devices. These fourteen vulnerabilities are detailed in this paper and a PoC detailing an attack using a software defined radio (SDR) Read more about 5Ghoul: 14 5G attack Used For easy and cheap Disruptive Attacks On Smartphones[…]
[…] three white-hat hackers helped a regional rail company in southwest Poland unbrick a train that had been artificially rendered inoperable by the train’s manufacturer after an independent maintenance company worked on it. The train’s manufacturer is now threatening to sue the hackers who were hired by the independent repair company to fix it. The Read more about Polish Hackers Repaired Trains the Manufacturer Artificially Bricked. Now The Train Maker NEWAG Is Threatening Them[…]
Genetic testing company 23andMe changed its terms of service to prevent customers from filing class action lawsuits or participating in a jury trial days after reports revealing that attackers accessed personal information of nearly 7 million people — half of the company’s user base — in an October hack. In an email sent to customers Read more about 23andMe frantically changed its terms of service to prevent 6.9m hacked customers from suing about losing their (and their entire family’s) DNA[…]
Since the beginning of 2023, ESET researchers have observed an alarming growth of deceptive Android loan apps, which present themselves as legitimate personal loan services, promising quick and easy access to funds. Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all Read more about SpyLoan apps don’t give you loans but blackmail you, steal your money, downloaded 12m times on Android – Apple won’t tell you how often they get duped[…]
An SEC filing has revealed more details on a data breach affecting 23andMe users that was disclosed earlier this fall. The company says its investigation found hackers were able to access the accounts of roughly 0.1 percent of its userbase, or about 14,000 of its 14 million total customers, TechCrunch notes. On top of that, Read more about 23andMe hackers accessed DNA information on millions of customers using a feature that matches relatives[…]
Hardware security hackers have detailed how it’s possible to bypass Windows Hello’s fingerprint authentication and login as someone else – if you can steal or be left alone with their vulnerable device. The research was carried out by Blackwing Intelligence, primarily Jesse D’Aguanno and Timo Teräs, and was commissioned and sponsored by Microsoft’s Offensive Research Read more about How to bypass Windows Hello fingerprint login[…]
Commercial air crews are reporting something “unthinkable” in the skies above the Middle East: novel “spoofing” attacks have caused navigation systems to fail in dozens of incidents since September. In late September, multiple commercial flights near Iran went astray after navigation systems went blind. The planes first received spoofed GPS signals, meaning signals designed to Read more about Commercial Flights Are Experiencing dozens of GPS Spoofing Attacks in the Middle East[…]
Google’s Threat Analysis Group revealed on Thursday that it discovered and worked to help patch an email server flaw used to steal data from governments in Greece, Moldova, Tunisia, Vietnam and Pakistan. The exploit, known as CVE-2023-37580, targeted email server Zimbra Collaboration to pilfer email data, user credentials and authentication tokens from organizations. It started Read more about Zimbra email vulnerability let hackers steal gov data – fix (and exploit) was easily visible on repository before updates[…]
affiliates of ransomware gang AlphV (aka BlackCat) claimed to have compromised digital lending firm MeridianLink – and reportedly filed an SEC complaint against the fintech firm for failing to disclose the intrusion to the US watchdog. First reported by DataBreaches, the break-in apparently happened on November 7. AlphaV’s operatives claimed they did not encrypt any Read more about Cracking group files SEC complaint on hacked company for failure to disclose breach[…]
The Clorox Company’s chief security officer has left her job in the wake of a corporate network breach that cost the manufacturer hundreds of millions of dollars. […] Chau Banks, the chief information and data officer of the $7 billion biz, who reportedly penned the memo, will fill Bogac’s role as Clorox continues mopping up Read more about Clorox CISO leaves after > 1/3rd billion spent on breach[…]
[…] Previously unreported figures from ad blocking companies indicate that YouTube’s crackdown is working, with hundreds of thousands of people uninstalling ad blockers in October. The available data suggests that last month saw a record number of ad blockers uninstalled—and also a record for new ad blocker installs as people sought alternatives that wouldn’t trigger Read more about YouTube’s Crackdown Spurs Record Uninstalls And Reinstalls in new Browser of Ad Blockers… Time to Change Video Site?[…]
Researchers have devised an attack that forces Apple’s Safari browser to divulge passwords, Gmail message content, and other secrets by exploiting a side channel vulnerability in the A- and M-series CPUs running modern iOS and macOS devices. Further Reading Intel SGX is vulnerable to an unfixable flaw that can steal crypto keys and more Read more about iLeakage hack can force iOS and macOS browsers to divulge passwords and much more[…]
Winter Vivern, believed to be a Belarus-aligned hacker, attacked European government entities and a think tank starting on Oct. 11, according to an Ars Technica report Wednesday. ESET Research discovered the hack that exploited a zero-day vulnerability in Roundcube, a webmail server with millions of users, and allowed the pro-Russian group to exfiltrate sensitive emails. Read more about Hackers Target European Government With Roundcube Webmail Bug[…]
Citrix has urged admins to “immediately” apply a fix for CVE-2023-4966, a critical information disclosure bug that affects NetScaler ADC and NetScaler Gateway, admitting it has been exploited. Plus, there’s a proof-of-concept exploit, dubbed Citrix Bleed, now on GitHub. So if you are using an affected build, at this point assume you’ve been compromised, apply Read more about Citrix urges “immediate” patching as exploit POC[…]
MGM Resorts has admitted that the cyberattack it suffered in September will likely cost the company at least $100 million. The effects of the attack are expected to make a substantial dent in the entertainment giant’s third-quarter earnings and still have a noticeable impact in its Q4 too, although this is predicted to be “minimal.” Read more about MGM Resorts cyberattack to cost $100 million[…]
Genetic testing giant 23andMe confirmed that a data scraping incident resulted in hackers gaining access to sensitive user information and selling it on the dark web. The information of nearly 7 million 23andMe users was offered for sale on a cybercriminal forum this week. The information included origin estimation, phenotype, health information, photos, identification data Read more about 23andMe DNA site scraping incident leaked data on 1.3 million users[…]
Commercial spyware has exploited a security hole in Arm’s Mali GPU drivers to compromise some people’s devices, according to Google today. These graphics processors are used in a ton of gear, from phones and tablets to laptops and cars, so the kernel-level vulnerability may be present in countless equipment. This includes Android handsets made by Read more about Arm patches Mali GPU driver bug exploited by spyware[…]
On August 15, 2023, the threat actor “Ransomed,” operating under the alias “RansomForums,” posted on Telegram advertising their new forum and Telegram chat channel. On the same day, the domain ransomed[.]vc was registered. But before activity on Ransomed had even really begun, the forum was the victim of a distributed denial-of-service (DDoS) attack. In response, Read more about Ransomed.vc: Using the GDPR fine as a benchmark to ransom stolen data[…]
Hackers backed by the Chinese government are planting malware into routers that provides long-lasting and undetectable backdoor access to the networks of multinational companies in the US and Japan, governments in both countries said Wednesday. The hacking group, tracked under names including BlackTech, Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda, has been operating since at Read more about Backdoored Firmware Lets China State Hackers Control Routers With ‘Magic Packets’[…]
An anonymous reader quotes a report from Engadget: The ALPHV/BlackCat ransomware group claimed responsibility for the MGM Resorts cyber outage on Tuesday, according to a post by malware archive vx-underground. The group claims to have used common social engineering tactics, or gaining trust from employees to get inside information, to try and get a ransom Read more about Hackers Claim It Only Took a 10-Minute Phone Call To Shut Down MGM Resorts – stock down 6% already[…]