Hackers recently stole $190 million from cryptocurrency cross-chain token platform Nomad, and now the company says it will pay a bounty to the thieves if they return those assets. Nomad says it will pay the hackers an amount that is worth up to 10% of the stolen funds and call off its lawyers after the Read more about Cryptocurrency firm Nomad offers 10% bounty to hackers who stole $190 million[…]
According to cyber security firm Volexity, the threat research team has found the North Korean ‘SharpTongue’ group, which appears to be part of, or related to, the Kimsuky advanced persistent threat group, deploying malware called SHARPEXT that doesn’t need your Gmail login credentials at all. Instead, it “directly inspects and exfiltrates data” from a Gmail Read more about New Gmail Attack Bypasses Passwords And 2FA To Read All Email in browser extension[…]
Hackers had access to dashboards used to remotely manage and control thousands of credit card payment terminals manufactured by digital payments giant Wiseasy, a cybersecurity startup told TechCrunch. Wiseasy is a brand you might not have heard of, but it’s a popular Android-based payment terminal maker used in restaurants, hotels, retail outlets and schools across Read more about Hackers stole passwords for accessing 140,000 Wiseasy payment terminals[…]
For a little over 12 hours on 26-27 July, a network operated by Russia’s Rostelecom started announcing routes for part of Apple’s network. The effect was that Internet users in parts of the Internet trying to connect to Apple’s services may have been redirected to the Rostelecom network. Apple Engineering appears to have been successful Read more about For 12 Hours, Was Part of Apple Engineering’s Network Hijacked by Russia’s Rostelecom?[…]
Researchers have unpacked a major cybersecurity find—a malicious UEFI-based rootkit used in the wild since 2016 to ensure computers remained infected even if an operating system is reinstalled or a hard drive is completely replaced. The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. Read more about Discovery of UEFI rootkit exposes an ugly truth: The attacks are invisible to us[…]
The United States’ federal court system “faced an incredibly significant and sophisticated cyber security breach, one which has since had lingering impacts on the department and other agencies.” That quote comes from congressional representative Jerrold Lewis Nadler, who uttered them on Thursday in his introductory remarks to a House Committee on the Judiciary hearing conducting Read more about US court system suffered ‘incredibly significant attack’ – no details known yet[…]
The Car Last summer I bought a 2021 Hyundai Ioniq SEL. It is a nice fuel-efficient hybrid with a decent amount of features like wireless Android Auto/Apple CarPlay, wireless phone charging, heated seats, & a sunroof. One thing I particularly liked about this vehicle was the In-Vehicle Infotainment (IVI) system. As I mentioned before it Read more about how I Hacked My Car – completely pwn a 2021 Hyundai Ioniq head unit – a story in 3 parts[…]
[greenluigi1] bought a Hyundai Ioniq car, and then, to our astonishment, absolutely demolished the Linux-based head unit firmware. By that, we mean that he bypassed all of the firmware update authentication mechanisms, reverse-engineered the firmware updates, and created subversive update files that gave him a root shell on his own unit. Then, he reverse-engineered the Read more about Hacker Liberates Hyundai Head Unit, Writes Custom Apps | Hackaday[…]
[…] researchers have shown that it’s possible to clone these devices, as reported by Hackster.io. The research paper explains the cloning process, which requires physical access to the hardware. To achieve the hack, the Nordic nRF52832 inside the AirTag must be voltage glitched to enable its debug port. The researchers were able to achieve this Read more about Apple AirTags Hacked And Cloned With Voltage Glitching[…]
The US Supreme Court justices who overturned Roe v. Wade last month may have been doxxed – had their personal information including physical and IP addresses, and credit card info revealed – according to threat intel firm Cybersixgill. As expected, the fallout from the controversial ruling, which reversed the court’s 1973 decision that federally protected Read more about Supremes ‘doxxed’ after overturning Roe v Wade[…]
Posing as a scholar, a Chinese woman spent years writing alternative accounts of medieval Russian history on Chinese Wikipedia, conjuring imaginary states, battles, and aristocrats in one of the largest hoaxes on the open-source platform. The scam was exposed last month by Chinese novelist Yifan, who was researching for a book when he came upon Read more about A Bored Chinese Housewife Spent Years Falsifying Russian History on Wikipedia[…]
[…] Joshua Schulte was convicted of sending the CIA’s “Vault 7” cyber-warfare tools to the whistle-blowing platform. He had denied the allegations. The 2017 leak of some 8,761 documents revealed how intelligence officers hacked smartphones overseas and turned them into listening devices. Prosecutors said the leak was one of the most “brazen” in US history. Read more about Joshua Schulte: Former CIA hacker convicted of Vault 7 data leak[…]
Hackers have uncovered ways to unlock and start nearly all modern Honda-branded vehicles by wirelessly stealing codes from an owner’s key fob. Dubbed “Rolling Pwn,” the attack allows any individual to “eavesdrop” on a remote key fob from nearly 100 feet away and reuse them later to unlock or start a vehicle in the future Read more about Rolling pwn hack opens Honda cars by listening to keyfob 100 feet away[…]
Hotel group Marriott International has confirmed another data breach, with hackers claiming to have stolen 20 gigabytes of sensitive data, including guests’ credit card information. The incident, first reported by Databreaches.net, is said to have happened in June when an unnamed hacking group claimed they used social engineering to trick an employee at a Marriott Read more about Marriott Hotels confirms yet another data breach[…]
A hacker has claimed to have procured a trove of personal information from the Shanghai police on one billion Chinese citizens, which tech experts say, if true, would be one of the biggest data breaches in history. The anonymous internet user, identified as “ChinaDan,” posted on hacker forum Breach Forums last week offering to sell Read more about Hacker claims to have stolen data of 1bn Chinese from Shanghai police[…]
[…] At least 75 U.S. and European companies, three dozen advocacy and media groups and numerous Western business executives were the subjects of these hacking attempts, Reuters found. The Reuters report is based on interviews with victims, researchers, investigators, former U.S. government officials, lawyers and hackers, plus a review of court records from seven countries. It also Read more about How mercenary hackers sway litigation battles – based on trove of Indian hackers[…]
An employee of OpenSea’s email delivery vendor Customer.io “misused” their access to download and share OpenSea users’ and newsletter subscribers’ email addresses “with an unauthorized external party,” Head of Security Cory Hardman warned on Wednesday. “If you have shared your email with OpenSea in the past, you should assume you were impacted,” Hardman continued. To Read more about OpenSea (NFT marketplace) 3rd party vendor leaked all customers’ email addresses – perfect suckers for phishing campaign list[…]
[…]researchers from Lumen Technologies’ Black Lotus Labs say they’ve identified at least 80 targets infected by the stealthy malware, infecting routers made by Cisco, Netgear, Asus, and DrayTek. Dubbed ZuoRAT, the remote access Trojan is part of a broader hacking campaign that has existed since at least the fourth quarter of 2020 and continues to Read more about A wide range of routers are under attack by new, unusually sophisticated malware[…]
Machine learning is vulnerable to a wide variety of attacks. It is now well understood that by changing the underlying data distribution, an adversary can poison the model trained with it or introduce backdoors. In this paper we present a novel class of training-time attacks that require no changes to the underlying dataset or model Read more about Attacking ML systems by changing the order of the training data[…]
[…] The South Korean titan was said to have unfairly goosed Galaxy Note 3 phone benchmarks in 2013, and faced with similar allegations about the Galaxy S4 in 2018 settled that matter for $13.4 million. This time Samsung has allegedly fudged the results for its televisions, specifically the S95B QD-OLED and QN95B Neo OLED LCD Read more about Samsung accused of cheating on hardware benchmarks – again[…]
We show how a malicious learner can plant an undetectable backdoor into a classifier. On the surface, such a backdoored classifier behaves normally, but in reality, the learner maintains a mechanism for changing the classification of any input, with only a slight perturbation. Importantly, without the appropriate “backdoor key”, the mechanism is hidden and cannot Read more about Planting Undetectable Backdoors in Machine Learning Models[…]
[…] In one exemplary stalking case, a fashion and fitness model discovered an AirTag in her coat pocket after having received a tracking warning notification from her iPhone. Other times, AirTags were placed in expensive cars or motorbikes to track them from parking spots to their owner’s home, where they were then stolen. On February Read more about Find you: an airtag which Apple can’t find in unwanted tracking[…]
If you’ve been following the latest news on government surveillance scandals around the world, the name Pegasus may have popped up in your feed. It’s a complex story, so we’ve put together an infographic explainer that covers all the basics. How does Pegasus work? Check. Which world leaders were targeted? Check. Astonishing subscription costs? Check. Read more about What Is Pegasus Spyware? Why is it important? Infographic[…]
General Motors suffered a hack that exposed a significant amount of sensitive personal information on car owners—names, addresses, phone numbers, locations, car mileage, and maintenance history. The Detroit-based automaker revealed details of the incident in a breach disclosure filed with the California Attorney General’s Office on May 16. The disclosure explains that malicious login activity Read more about GM Discloses Data Breach of Cars’ Locations, Mileage, Service[…]
Miscreants have dumped on Telegram more than 142 million customer records stolen from MGM Resorts, exposing names, postal and email addresses, phone numbers, and dates of birth for any would-be identity thief. The vpnMentor research team stumbled upon the files, which totaled 8.7 GB of data, on the messaging platform earlier this week, and noted Read more about MGM Resorts’ 142m person customer data now leaked on Telegram for free[…]