Attacks come in two main forms: one is scanning the drive for memory dumps and the other is by sniffing the bitlocker key through RAM dumping on cold boots. Cold Boot Attacks Over time there have been many different physical attacks against full disk encryption, such as Cold Boot attacks [0][1] that we have previously Read more about Decrypting / Mounting Bitlocker protected drives[…]

The Akira ransomware gang is claiming responsiblity for the “cybersecurity incident” at British bath bomb merchant. Akira says it has stolen 110 GB of data from the UK-headquartered global cosmetics giant, which has more than 900 stores worldwide, allegedly including “a lot of personal documents” such as passport scans. Passport scans are routinely collected to Read more about Akira ransomware gang says it stole personnel passport scans and other PII from Lush[…]

A zero-day exploit of Google account security was first teased by a cybercriminal known as “PRISMA” in October 2023, boasting that the technique could be used to log back into a victim’s account even after the password is changed. It can also be used to generate new session tokens to regain access to victims’ emails, Read more about Google password resets not enough to stop malware that recreates login tokens[…]

The parent company that owns a controlling stake in Paramount, CBS, and thousands of theaters across the U.S. got hacked late last year, but it took them a full trip around the sun to let any of the tens of thousands of impacted customers know that their data was potentially compromised. The massive entertainment conglomerate Read more about Paramount Parent Was Hacked Christmas 2022, Told Customers a Year Later[…]

A team of researchers from the ASSET Research Group in Singapore have published the details of a collection of vulnerabilities in the fifth generation mobile communication system (5G) used with smartphones and many other devices. These fourteen vulnerabilities are detailed in this paper and a PoC detailing an attack using a software defined radio (SDR) Read more about 5Ghoul: 14 5G attack Used For easy and cheap Disruptive Attacks On Smartphones[…]

Genetic testing company 23andMe changed its terms of service to prevent customers from filing class action lawsuits or participating in a jury trial days after reports revealing that attackers accessed personal information of nearly 7 million people — half of the company’s user base — in an October hack. In an email sent to customers Read more about 23andMe frantically changed its terms of service to prevent 6.9m hacked customers from suing about losing their (and their entire family’s) DNA[…]

Since the beginning of 2023, ESET researchers have observed an alarming growth of deceptive Android loan apps, which present themselves as legitimate personal loan services, promising quick and easy access to funds. Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all Read more about SpyLoan apps don’t give you loans but blackmail you, steal your money, downloaded 12m times on Android – Apple won’t tell you how often they get duped[…]

An SEC filing has revealed more details on a data breach affecting 23andMe users that was disclosed earlier this fall. The company says its investigation found hackers were able to access the accounts of roughly 0.1 percent of its userbase, or about 14,000 of its 14 million total customers, TechCrunch notes. On top of that, Read more about 23andMe hackers accessed DNA information on millions of customers using a feature that matches relatives[…]

Hardware security hackers have detailed how it’s possible to bypass Windows Hello’s fingerprint authentication and login as someone else – if you can steal or be left alone with their vulnerable device. The research was carried out by Blackwing Intelligence, primarily Jesse D’Aguanno and Timo Teräs, and was commissioned and sponsored by Microsoft’s Offensive Research Read more about How to bypass Windows Hello fingerprint login[…]

Commercial air crews are reporting something “unthinkable” in the skies above the Middle East: novel “spoofing” attacks have caused navigation systems to fail in dozens of incidents since September. In late September, multiple commercial flights near Iran went astray after navigation systems went blind. The planes first received spoofed GPS signals, meaning signals designed to Read more about Commercial Flights Are Experiencing dozens of GPS Spoofing Attacks in the Middle East[…]

Google’s Threat Analysis Group revealed on Thursday that it discovered and worked to help patch an email server flaw used to steal data from governments in Greece, Moldova, Tunisia, Vietnam and Pakistan. The exploit, known as CVE-2023-37580, targeted email server Zimbra Collaboration to pilfer email data, user credentials and authentication tokens from organizations. It started Read more about Zimbra email vulnerability let hackers steal gov data – fix (and exploit) was easily visible on repository before updates[…]