Australian Optus telco data debacle gets worse and worse – non-existent security and no govt regulation

[…] The alleged hacker – who threatened to sell the data unless a ransom was paid – took names, birth dates, phone numbers, addresses, and passport, healthcare and drivers’ license details from Optus, the country’s second-largest telecommunications company. Of the 10 million people whose data was exposed, almost 3 million had crucial identity documents accessed. Read more about Australian Optus telco data debacle gets worse and worse – non-existent security and no govt regulation[…]

Hackers Are Hypervisor Hijacking in the wild now

For decades, virtualization software has offered a way to vastly multiply computers’ efficiency, hosting entire collections of computers as “virtual machines” on just one physical machine. And for almost as long, security researchers have warned about the potential dark side of that technology: theoretical “hyperjacking” and “Blue Pill” attacks, where hackers hijack virtualization to spy Read more about Hackers Are Hypervisor Hijacking in the wild now[…]

Australia To Overhaul Privacy Laws After Optus data breach exposes 40% of AU population

Following one of the biggest data breaches in Australian history, the government of Australia is planning to get stricter on requirements for disclosure of cyber attacks. From a report: On Monday, Prime Minister Anthony Albanese told Australian radio station 4BC that the government intended to overhaul privacy legislation so that any company suffering a data Read more about Australia To Overhaul Privacy Laws After Optus data breach exposes 40% of AU population[…]

Ask.FM database with 350m user records allegedly sold online

The listing allegedly includes 350 million Ask.FM user records, with the threat actor also offering 607 repositories plus their Gitlab, Jira, and Confluence databases. Ask.FM is a question and answer network launched in June 2010, with over 215 million registered users. “I’m selling the users database of Ask.fm and ask.com. For connoisseurs, you can also Read more about Ask.FM database with 350m user records allegedly sold online[…]

Revolut banking confirms cyberattack exposed personal data of tens of thousands of users

Fintech startup Revolut has confirmed it was hit by a highly targeted cyberattack that allowed hackers to access the personal details of tens of thousands of customers. Revolut spokesperson Michael Bodansky told TechCrunch that an “unauthorized third party obtained access to the details of a small percentage (0.16%) of our customers for a short period Read more about Revolut banking confirms cyberattack exposed personal data of tens of thousands of users[…]

GTA Publisher Take-Two’s Bad Week Gets Worse With Disaster Hack

Take-Two is definitely not having a good time of it. Following the weekend’s colossal leak of GTA VI, its septimana horribilis continues with the fresh news that its 2K Games support services have been hacked, and customers are now being sent out phishing scams. Posting to the official 2K Support Twitter account, 2K explained that Read more about GTA Publisher Take-Two’s Bad Week Gets Worse With Disaster Hack[…]

Crypto market maker Wintermute loses $160 million in DeFi hack

Evgeny Gaevoy, the founder and chief executive of Wintermute, disclosed in a series of tweets that the firm’s decentralized finance operations had been hacked, but centralized finance and over the counter verticals aren’t affected. He said that Wintermute — which counts Lightspeed Venture Partners, Pantera Capital and Fidelity’s Avon among its backers — remains solvent Read more about Crypto market maker Wintermute loses $160 million in DeFi hack[…]

Robot Opens Master Combination Locks In Less Than A Minute

[…] In real life, high-quality combination locks are not vulnerable to such simple attacks, but cheap ones can often be bypassed with a minimum of effort. Some are so simple that this process can even be automated, as [Mew463] has shown by building a machine that can open a Master combination lock in less than Read more about Robot Opens Master Combination Locks In Less Than A Minute[…]

Have you patched your Zimbra server – actively exploited hacks

In a security alert updated on Monday, the US government’s Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned that cybercriminals are actively exploiting five vulnerabilities in the Zimbra Collaboration Suite (ZCS) to break into both government and private-sector networks. The agencies have provided fresh detection signatures to Read more about Have you patched your Zimbra server – actively exploited hacks[…]

Smartphone gyroscopes and LED threaten air-gapped systems

[…] A pair of preprint papers from Mordechai Guri, head of R&D at Ben-Gurion University’s Cyber Security Research Labs, detail new methods for transmitting data ultrasonically to smartphone gyroscopes and sending Morse code signals via LEDs on network interface cards (NICs). Dubbed Gairoscope and EtherLED respectively, the two exploits are the latest in a long Read more about Smartphone gyroscopes and LED threaten air-gapped systems[…]

Hackers Use Deepfakes of Binance Exec to Scam Crypto Projects

Binance Chief Communications Officer Patrick Hillmann wrote in a blog post last week that internet scammers had been using deepfake technology to copy his image during video meetings. He started to catch on to this trend when he received messages from the leadership of various crypto projects thanking him for meetings he never attended. Hillmann Read more about Hackers Use Deepfakes of Binance Exec to Scam Crypto Projects[…]

Oktatapus Hack Stole 10,000 Logins From 130 Different Orgs

Researchers say that a mysterious “threat actor” (a fancy term for a hacker or hacker group) has managed to steal nearly 10,000 login credentials from the employees of 130 organizations, in the latest far-reaching supply chain attack on corporate America. Many of the victims are prominent software companies, including firms like Twilio, MailChimp, and Cloudflare, Read more about Oktatapus Hack Stole 10,000 Logins From 130 Different Orgs[…]

Samsung says customer data stolen in July data breach – again

Electronics giant Samsung has confirmed a data breach affecting customers’ personal information. In a brief notice, Samsung said it discovered the security incident in late-July and that an “unauthorized third party acquired information from some of Samsung’s U.S. systems.” The company said it determined customer data was compromised on August 4. Samsung said Social Security Read more about Samsung says customer data stolen in July data breach – again[…]

Twilio SMS service attacker ‘explicitly’ looked for 3 Signal numbers

The security breach at Twilio earlier this month affected at least one high-value customer, Signal, and led to the exposure of the phone number and SMS registration codes for 1,900 users of the encrypted messaging service, it confirmed. However, Signal – considered one of the better secured of all the encrypted messaging apps – claims the Read more about Twilio SMS service attacker ‘explicitly’ looked for 3 Signal numbers[…]

Cryptocurrency firm Nomad offers 10% bounty to hackers who stole $190 million

Hackers recently stole $190 million from cryptocurrency cross-chain token platform Nomad, and now the company says it will pay a bounty to the thieves if they return those assets. Nomad says it will pay the hackers an amount that is worth up to 10% of the stolen funds and call off its lawyers after the Read more about Cryptocurrency firm Nomad offers 10% bounty to hackers who stole $190 million[…]

New Gmail Attack Bypasses Passwords And 2FA To Read All Email in browser extension

According to cyber security firm Volexity, the threat research team has found the North Korean ‘SharpTongue’ group, which appears to be part of, or related to, the Kimsuky advanced persistent threat group, deploying malware called SHARPEXT that doesn’t need your Gmail login credentials at all. Instead, it “directly inspects and exfiltrates data” from a Gmail Read more about New Gmail Attack Bypasses Passwords And 2FA To Read All Email in browser extension[…]

Hackers stole passwords for accessing 140,000 Wiseasy payment terminals

Hackers had access to dashboards used to remotely manage and control thousands of credit card payment terminals manufactured by digital payments giant Wiseasy, a cybersecurity startup told TechCrunch. Wiseasy is a brand you might not have heard of, but it’s a popular Android-based payment terminal maker used in restaurants, hotels, retail outlets and schools across Read more about Hackers stole passwords for accessing 140,000 Wiseasy payment terminals[…]

For 12 Hours, Was Part of Apple Engineering’s Network Hijacked by Russia’s Rostelecom?

For a little over 12 hours on 26-27 July, a network operated by Russia’s Rostelecom started announcing routes for part of Apple’s network. The effect was that Internet users in parts of the Internet trying to connect to Apple’s services may have been redirected to the Rostelecom network. Apple Engineering appears to have been successful Read more about For 12 Hours, Was Part of Apple Engineering’s Network Hijacked by Russia’s Rostelecom?[…]

Discovery of UEFI rootkit exposes an ugly truth: The attacks are invisible to us

Researchers have unpacked a major cybersecurity find—a malicious UEFI-based rootkit used in the wild since 2016 to ensure computers remained infected even if an operating system is reinstalled or a hard drive is completely replaced. The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. Read more about Discovery of UEFI rootkit exposes an ugly truth: The attacks are invisible to us[…]

US court system suffered ‘incredibly significant attack’ – no details known yet

The United States’ federal court system “faced an incredibly significant and sophisticated cyber security breach, one which has since had lingering impacts on the department and other agencies.” That quote comes from congressional representative Jerrold Lewis Nadler, who uttered them on Thursday in his introductory remarks to a House Committee on the Judiciary hearing conducting Read more about US court system suffered ‘incredibly significant attack’ – no details known yet[…]

how I Hacked My Car – completely pwn a 2021 Hyundai Ioniq head unit – a story in 3 parts

The Car Last summer I bought a 2021 Hyundai Ioniq SEL. It is a nice fuel-efficient hybrid with a decent amount of features like wireless Android Auto/Apple CarPlay, wireless phone charging, heated seats, & a sunroof. One thing I particularly liked about this vehicle was the In-Vehicle Infotainment (IVI) system. As I mentioned before it Read more about how I Hacked My Car – completely pwn a 2021 Hyundai Ioniq head unit – a story in 3 parts[…]

Hacker Liberates Hyundai Head Unit, Writes Custom Apps | Hackaday

[greenluigi1] bought a Hyundai Ioniq car, and then, to our astonishment, absolutely demolished the Linux-based head unit firmware. By that, we mean that he bypassed all of the firmware update authentication mechanisms, reverse-engineered the firmware updates, and created subversive update files that gave him a root shell on his own unit. Then, he reverse-engineered the Read more about Hacker Liberates Hyundai Head Unit, Writes Custom Apps | Hackaday[…]

Apple AirTags Hacked And Cloned With Voltage Glitching

[…] researchers have shown that it’s possible to clone these devices, as reported by Hackster.io. The research paper explains the cloning process, which requires physical access to the hardware. To achieve the hack, the Nordic nRF52832 inside the AirTag must be voltage glitched to enable its debug port. The researchers were able to achieve this Read more about Apple AirTags Hacked And Cloned With Voltage Glitching[…]

Supremes ‘doxxed’ after overturning Roe v Wade

The US Supreme Court justices who overturned Roe v. Wade last month may have been doxxed – had their personal information including physical and IP addresses, and credit card info revealed – according to threat intel firm Cybersixgill. As expected, the fallout from the controversial ruling, which reversed the court’s 1973 decision that federally protected Read more about Supremes ‘doxxed’ after overturning Roe v Wade[…]