As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for eavesdropping on a targeted user’s conversations, according to a team of researchers from several universities in the United States. The attack method, named EarSpy, is described in a paper published just Read more about EarSpy: Spying on Phone Calls via Ear Speaker Vibrations Captured by Accelerometer[…]

In a reminder of smart home security’s dark side, two people hacked Ring security cameras to livestream swattings, according to a Los Angeles grand jury indictment (according to a report from Bloomberg). The pair called in hoax emergencies to authorities and livestreamed the police response on social media in late 2020. James Thomas Andrew McCarty, Read more about Two people charged with hacking Ring security cameras to livestream swattings[…]

Password locker LastPass has warned customers that the August 2022 attack on its systems saw unknown parties copy encrypted files that contains the passwords to their accounts. In a December 22nd update to its advice about the incident, LastPass brings customers up to date by explaining that the August 2022 attack saw “some source code Read more about LastPass admits attackers copied password vaults[…]

[…] this modchip-based hack of a Starlink terminal brings us. [Lennert Wouters]’ team has been poking and prodding at the Starlink User Terminal, trying to get root access, and needed to bypass the ARM Trusted Firmware boot-time integrity checks. The terminal’s PCB is satellite-dish-sized, so things like laser fault injection are hard to set up Read more about A Modchip To Root Starlink User Terminals Through Voltage Glitching[…]

Thousands of smartphone applications in Apple (AAPL.O) and Google’s (GOOGL.O) online stores contain computer code developed by a technology company, Pushwoosh, that presents itself as based in the United States, but is actually Russian, Reuters has found. […] The U.S. Army said it had removed an app containing Pushwoosh code in March because of the Read more about Russian software disguised as American finds its way into U.S. Army, CDC apps[…]

Hackers who stole customer data from Australia’s largest health insurer Medibank have released a file of pregnancy terminations. It follows Medibank’s refusal to pay a ransom for the data, supported by the Australian government. Medibank urged the public to not seek out the files, which contain the names of policy holders rather than patients. CEO Read more about Medibank: Hackers release abortion data after stealing Australian medical records[…]

Spy chiefs have ordered ministers to stop using their personal phones to conduct government business following a suspected Kremlin hack on Liz Truss’s mobile. A Whitehall source said all ministers involved in national security would be expected to attend fresh training with the security services this week ‘to ensure everyone is aware how this material Read more about Suspected Kremlin hack on Liz Truss’s mobile sparks security clampdown[…]

Medibank Private Ltd (MPL.AX), Australia’s biggest health insurer, said on Wednesday a cyber hack had compromised data of all of its of its nearly 4 million customers, as it warned of a A$25 million to A$35 million ($16 million to $22.3 million) hit to first-half earnings. It said on Wednesday that all personal and significant Read more about Australia’s Medibank says data of 4 mln customers accessed by hacker[…]

Cybercriminals have used two strains of point-of-sale (POS) malware to steal the details of more than 167,000 credit cards from payment terminals. The backend command-and-control (C2) server that operates the MajikPOS and Treasure Hunter malware remains active, according to Group-IB’s Nikolay Shelekhov and Said Khamchiev, and “the number of victims keeps growing,” they said this Read more about Crooks use POS malware to steal 167,000 credit card numbers from shops with open VNC + RDP ports[…]

A dark web carding market named ‘BidenCash’ has released a massive dump of 1,221,551 credit cards to promote their marketplace, allowing anyone to download them for free to conduct financial fraud. Carding is the trafficking and use of credit cards stolen through point-of-sale malware, magecart attacks on websites, or information-stealing malware. BidenCash is a stolen cards marketplace launched Read more about Default title[…]

Researchers at the Synopsys Cybersecurity Research Center (CyRC) have discovered an availability vulnerability in the IKEA TRÅDFRI smart lighting system. An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the Read more about IKEA TRÅDFRI smart lighting hacked to blink and reset[…]

Iran state TV was apparently hacked Saturday, with its usual broadcast footage of muttering geriatric clerics replaced by a masked face followed by a picture of Supreme Leader Ali Khamenei with a target over his head, the sound of a gunshot, and chants of “Women, Life, Freedom!” BBC News identifies the pirate broadcaster as Adalat Read more about Protestors hack Iran state TV live on air[…]

[…] The alleged hacker – who threatened to sell the data unless a ransom was paid – took names, birth dates, phone numbers, addresses, and passport, healthcare and drivers’ license details from Optus, the country’s second-largest telecommunications company. Of the 10 million people whose data was exposed, almost 3 million had crucial identity documents accessed. Read more about Australian Optus telco data debacle gets worse and worse – non-existent security and no govt regulation[…]

For decades, virtualization software has offered a way to vastly multiply computers’ efficiency, hosting entire collections of computers as “virtual machines” on just one physical machine. And for almost as long, security researchers have warned about the potential dark side of that technology: theoretical “hyperjacking” and “Blue Pill” attacks, where hackers hijack virtualization to spy Read more about Hackers Are Hypervisor Hijacking in the wild now[…]

Following one of the biggest data breaches in Australian history, the government of Australia is planning to get stricter on requirements for disclosure of cyber attacks. From a report: On Monday, Prime Minister Anthony Albanese told Australian radio station 4BC that the government intended to overhaul privacy legislation so that any company suffering a data Read more about Australia To Overhaul Privacy Laws After Optus data breach exposes 40% of AU population[…]

The listing allegedly includes 350 million Ask.FM user records, with the threat actor also offering 607 repositories plus their Gitlab, Jira, and Confluence databases. Ask.FM is a question and answer network launched in June 2010, with over 215 million registered users. “I’m selling the users database of Ask.fm and ask.com. For connoisseurs, you can also Read more about Ask.FM database with 350m user records allegedly sold online[…]

Fintech startup Revolut has confirmed it was hit by a highly targeted cyberattack that allowed hackers to access the personal details of tens of thousands of customers. Revolut spokesperson Michael Bodansky told TechCrunch that an “unauthorized third party obtained access to the details of a small percentage (0.16%) of our customers for a short period Read more about Revolut banking confirms cyberattack exposed personal data of tens of thousands of users[…]

Take-Two is definitely not having a good time of it. Following the weekend’s colossal leak of GTA VI, its septimana horribilis continues with the fresh news that its 2K Games support services have been hacked, and customers are now being sent out phishing scams. Posting to the official 2K Support Twitter account, 2K explained that Read more about GTA Publisher Take-Two’s Bad Week Gets Worse With Disaster Hack[…]

Evgeny Gaevoy, the founder and chief executive of Wintermute, disclosed in a series of tweets that the firm’s decentralized finance operations had been hacked, but centralized finance and over the counter verticals aren’t affected. He said that Wintermute — which counts Lightspeed Venture Partners, Pantera Capital and Fidelity’s Avon among its backers — remains solvent Read more about Crypto market maker Wintermute loses $160 million in DeFi hack[…]

[…] In real life, high-quality combination locks are not vulnerable to such simple attacks, but cheap ones can often be bypassed with a minimum of effort. Some are so simple that this process can even be automated, as [Mew463] has shown by building a machine that can open a Master combination lock in less than Read more about Robot Opens Master Combination Locks In Less Than A Minute[…]

In a security alert updated on Monday, the US government’s Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned that cybercriminals are actively exploiting five vulnerabilities in the Zimbra Collaboration Suite (ZCS) to break into both government and private-sector networks. The agencies have provided fresh detection signatures to Read more about Have you patched your Zimbra server – actively exploited hacks[…]

[…] A pair of preprint papers from Mordechai Guri, head of R&D at Ben-Gurion University’s Cyber Security Research Labs, detail new methods for transmitting data ultrasonically to smartphone gyroscopes and sending Morse code signals via LEDs on network interface cards (NICs). Dubbed Gairoscope and EtherLED respectively, the two exploits are the latest in a long Read more about Smartphone gyroscopes and LED threaten air-gapped systems[…]

Binance Chief Communications Officer Patrick Hillmann wrote in a blog post last week that internet scammers had been using deepfake technology to copy his image during video meetings. He started to catch on to this trend when he received messages from the leadership of various crypto projects thanking him for meetings he never attended. Hillmann Read more about Hackers Use Deepfakes of Binance Exec to Scam Crypto Projects[…]

Researchers say that a mysterious “threat actor” (a fancy term for a hacker or hacker group) has managed to steal nearly 10,000 login credentials from the employees of 130 organizations, in the latest far-reaching supply chain attack on corporate America. Many of the victims are prominent software companies, including firms like Twilio, MailChimp, and Cloudflare, Read more about Oktatapus Hack Stole 10,000 Logins From 130 Different Orgs[…]