Suspected Kremlin hack on Liz Truss’s mobile sparks security clampdown

Spy chiefs have ordered ministers to stop using their personal phones to conduct government business following a suspected Kremlin hack on Liz Truss’s mobile. A Whitehall source said all ministers involved in national security would be expected to attend fresh training with the security services this week ‘to ensure everyone is aware how this material Read more about Suspected Kremlin hack on Liz Truss’s mobile sparks security clampdown[…]

Australia’s Medibank says data of 4 mln customers accessed by hacker

Medibank Private Ltd (MPL.AX), Australia’s biggest health insurer, said on Wednesday a cyber hack had compromised data of all of its of its nearly 4 million customers, as it warned of a A$25 million to A$35 million ($16 million to $22.3 million) hit to first-half earnings. It said on Wednesday that all personal and significant Read more about Australia’s Medibank says data of 4 mln customers accessed by hacker[…]

Crooks use POS malware to steal 167,000 credit card numbers from shops with open VNC + RDP ports

Cybercriminals have used two strains of point-of-sale (POS) malware to steal the details of more than 167,000 credit cards from payment terminals. The backend command-and-control (C2) server that operates the MajikPOS and Treasure Hunter malware remains active, according to Group-IB’s Nikolay Shelekhov and Said Khamchiev, and “the number of victims keeps growing,” they said this Read more about Crooks use POS malware to steal 167,000 credit card numbers from shops with open VNC + RDP ports[…]

Shein Owner Fined $1.9 Million For Failing To Notify 39 Million Users of Data Breach – Slashdot

Zoetop, the firm that owns Shein and its sister brand Romwe, has been fined (PDF) $1.9 million by New York for failing to properly disclose a data breach from 2018. TechCrunch reports: A cybersecurity attack that originated in 2018 resulted in the theft of 39 million Shein account credentials, including those of more than 375,000 Read more about Shein Owner Fined $1.9 Million For Failing To Notify 39 Million Users of Data Breach – Slashdot[…]

Default title

A dark web carding market named ‘BidenCash’ has released a massive dump of 1,221,551 credit cards to promote their marketplace, allowing anyone to download them for free to conduct financial fraud. Carding is the trafficking and use of credit cards stolen through point-of-sale malware, magecart attacks on websites, or information-stealing malware. BidenCash is a stolen cards marketplace launched Read more about Default title[…]

IKEA TRÅDFRI smart lighting hacked to blink and reset

Researchers at the Synopsys Cybersecurity Research Center (CyRC) have discovered an availability vulnerability in the IKEA TRÅDFRI smart lighting system. An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the Read more about IKEA TRÅDFRI smart lighting hacked to blink and reset[…]

Australian Optus telco data debacle gets worse and worse – non-existent security and no govt regulation

[…] The alleged hacker – who threatened to sell the data unless a ransom was paid – took names, birth dates, phone numbers, addresses, and passport, healthcare and drivers’ license details from Optus, the country’s second-largest telecommunications company. Of the 10 million people whose data was exposed, almost 3 million had crucial identity documents accessed. Read more about Australian Optus telco data debacle gets worse and worse – non-existent security and no govt regulation[…]

Hackers Are Hypervisor Hijacking in the wild now

For decades, virtualization software has offered a way to vastly multiply computers’ efficiency, hosting entire collections of computers as “virtual machines” on just one physical machine. And for almost as long, security researchers have warned about the potential dark side of that technology: theoretical “hyperjacking” and “Blue Pill” attacks, where hackers hijack virtualization to spy Read more about Hackers Are Hypervisor Hijacking in the wild now[…]

Australia To Overhaul Privacy Laws After Optus data breach exposes 40% of AU population

Following one of the biggest data breaches in Australian history, the government of Australia is planning to get stricter on requirements for disclosure of cyber attacks. From a report: On Monday, Prime Minister Anthony Albanese told Australian radio station 4BC that the government intended to overhaul privacy legislation so that any company suffering a data Read more about Australia To Overhaul Privacy Laws After Optus data breach exposes 40% of AU population[…]

Ask.FM database with 350m user records allegedly sold online

The listing allegedly includes 350 million Ask.FM user records, with the threat actor also offering 607 repositories plus their Gitlab, Jira, and Confluence databases. Ask.FM is a question and answer network launched in June 2010, with over 215 million registered users. “I’m selling the users database of Ask.fm and ask.com. For connoisseurs, you can also Read more about Ask.FM database with 350m user records allegedly sold online[…]

Revolut banking confirms cyberattack exposed personal data of tens of thousands of users

Fintech startup Revolut has confirmed it was hit by a highly targeted cyberattack that allowed hackers to access the personal details of tens of thousands of customers. Revolut spokesperson Michael Bodansky told TechCrunch that an “unauthorized third party obtained access to the details of a small percentage (0.16%) of our customers for a short period Read more about Revolut banking confirms cyberattack exposed personal data of tens of thousands of users[…]

GTA Publisher Take-Two’s Bad Week Gets Worse With Disaster Hack

Take-Two is definitely not having a good time of it. Following the weekend’s colossal leak of GTA VI, its septimana horribilis continues with the fresh news that its 2K Games support services have been hacked, and customers are now being sent out phishing scams. Posting to the official 2K Support Twitter account, 2K explained that Read more about GTA Publisher Take-Two’s Bad Week Gets Worse With Disaster Hack[…]

Crypto market maker Wintermute loses $160 million in DeFi hack

Evgeny Gaevoy, the founder and chief executive of Wintermute, disclosed in a series of tweets that the firm’s decentralized finance operations had been hacked, but centralized finance and over the counter verticals aren’t affected. He said that Wintermute — which counts Lightspeed Venture Partners, Pantera Capital and Fidelity’s Avon among its backers — remains solvent Read more about Crypto market maker Wintermute loses $160 million in DeFi hack[…]

Robot Opens Master Combination Locks In Less Than A Minute

[…] In real life, high-quality combination locks are not vulnerable to such simple attacks, but cheap ones can often be bypassed with a minimum of effort. Some are so simple that this process can even be automated, as [Mew463] has shown by building a machine that can open a Master combination lock in less than Read more about Robot Opens Master Combination Locks In Less Than A Minute[…]

Have you patched your Zimbra server – actively exploited hacks

In a security alert updated on Monday, the US government’s Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned that cybercriminals are actively exploiting five vulnerabilities in the Zimbra Collaboration Suite (ZCS) to break into both government and private-sector networks. The agencies have provided fresh detection signatures to Read more about Have you patched your Zimbra server – actively exploited hacks[…]

Smartphone gyroscopes and LED threaten air-gapped systems

[…] A pair of preprint papers from Mordechai Guri, head of R&D at Ben-Gurion University’s Cyber Security Research Labs, detail new methods for transmitting data ultrasonically to smartphone gyroscopes and sending Morse code signals via LEDs on network interface cards (NICs). Dubbed Gairoscope and EtherLED respectively, the two exploits are the latest in a long Read more about Smartphone gyroscopes and LED threaten air-gapped systems[…]

Hackers Use Deepfakes of Binance Exec to Scam Crypto Projects

Binance Chief Communications Officer Patrick Hillmann wrote in a blog post last week that internet scammers had been using deepfake technology to copy his image during video meetings. He started to catch on to this trend when he received messages from the leadership of various crypto projects thanking him for meetings he never attended. Hillmann Read more about Hackers Use Deepfakes of Binance Exec to Scam Crypto Projects[…]

Oktatapus Hack Stole 10,000 Logins From 130 Different Orgs

Researchers say that a mysterious “threat actor” (a fancy term for a hacker or hacker group) has managed to steal nearly 10,000 login credentials from the employees of 130 organizations, in the latest far-reaching supply chain attack on corporate America. Many of the victims are prominent software companies, including firms like Twilio, MailChimp, and Cloudflare, Read more about Oktatapus Hack Stole 10,000 Logins From 130 Different Orgs[…]

Samsung says customer data stolen in July data breach – again

Electronics giant Samsung has confirmed a data breach affecting customers’ personal information. In a brief notice, Samsung said it discovered the security incident in late-July and that an “unauthorized third party acquired information from some of Samsung’s U.S. systems.” The company said it determined customer data was compromised on August 4. Samsung said Social Security Read more about Samsung says customer data stolen in July data breach – again[…]

Twilio SMS service attacker ‘explicitly’ looked for 3 Signal numbers

The security breach at Twilio earlier this month affected at least one high-value customer, Signal, and led to the exposure of the phone number and SMS registration codes for 1,900 users of the encrypted messaging service, it confirmed. However, Signal – considered one of the better secured of all the encrypted messaging apps – claims the Read more about Twilio SMS service attacker ‘explicitly’ looked for 3 Signal numbers[…]

Cryptocurrency firm Nomad offers 10% bounty to hackers who stole $190 million

Hackers recently stole $190 million from cryptocurrency cross-chain token platform Nomad, and now the company says it will pay a bounty to the thieves if they return those assets. Nomad says it will pay the hackers an amount that is worth up to 10% of the stolen funds and call off its lawyers after the Read more about Cryptocurrency firm Nomad offers 10% bounty to hackers who stole $190 million[…]

New Gmail Attack Bypasses Passwords And 2FA To Read All Email in browser extension

According to cyber security firm Volexity, the threat research team has found the North Korean ‘SharpTongue’ group, which appears to be part of, or related to, the Kimsuky advanced persistent threat group, deploying malware called SHARPEXT that doesn’t need your Gmail login credentials at all. Instead, it “directly inspects and exfiltrates data” from a Gmail Read more about New Gmail Attack Bypasses Passwords And 2FA To Read All Email in browser extension[…]

Hackers stole passwords for accessing 140,000 Wiseasy payment terminals

Hackers had access to dashboards used to remotely manage and control thousands of credit card payment terminals manufactured by digital payments giant Wiseasy, a cybersecurity startup told TechCrunch. Wiseasy is a brand you might not have heard of, but it’s a popular Android-based payment terminal maker used in restaurants, hotels, retail outlets and schools across Read more about Hackers stole passwords for accessing 140,000 Wiseasy payment terminals[…]