A Bored Chinese Housewife Spent Years Falsifying Russian History on Wikipedia

Posing as a scholar, a Chinese woman spent years writing alternative accounts of medieval Russian history on Chinese Wikipedia, conjuring imaginary states, battles, and aristocrats in one of the largest hoaxes on the open-source platform. The scam was exposed last month by Chinese novelist Yifan, who was researching for a book when he came upon Read more about A Bored Chinese Housewife Spent Years Falsifying Russian History on Wikipedia[…]

Joshua Schulte: Former CIA hacker convicted of Vault 7 data leak

[…] Joshua Schulte was convicted of sending the CIA’s “Vault 7” cyber-warfare tools to the whistle-blowing platform. He had denied the allegations. The 2017 leak of some 8,761 documents revealed how intelligence officers hacked smartphones overseas and turned them into listening devices. Prosecutors said the leak was one of the most “brazen” in US history. Read more about Joshua Schulte: Former CIA hacker convicted of Vault 7 data leak[…]

Rolling pwn hack opens Honda cars by listening to keyfob 100 feet away

Hackers have uncovered ways to unlock and start nearly all modern Honda-branded vehicles by wirelessly stealing codes from an owner’s key fob. Dubbed “Rolling Pwn,” the attack allows any individual to “eavesdrop” on a remote key fob from nearly 100 feet away and reuse them later to unlock or start a vehicle in the future Read more about Rolling pwn hack opens Honda cars by listening to keyfob 100 feet away[…]

Marriott Hotels confirms yet another data breach

Hotel group Marriott International has confirmed another data breach, with hackers claiming to have stolen 20 gigabytes of sensitive data, including guests’ credit card information. The incident, first reported by Databreaches.net, is said to have happened in June when an unnamed hacking group claimed they used social engineering to trick an employee at a Marriott Read more about Marriott Hotels confirms yet another data breach[…]

Hacker claims to have stolen data of 1bn Chinese from Shanghai police

A hacker has claimed to have procured a trove of personal information from the Shanghai police on one billion Chinese citizens, which tech experts say, if true, would be one of the biggest data breaches in history. The anonymous internet user, identified as “ChinaDan,” posted on hacker forum Breach Forums last week offering to sell Read more about Hacker claims to have stolen data of 1bn Chinese from Shanghai police[…]

How mercenary hackers sway litigation battles – based on trove of Indian hackers

[…] At least 75 U.S. and European companies, three dozen advocacy and media groups and numerous Western business executives were the subjects of these hacking attempts, Reuters found. The Reuters report is based on interviews with victims, researchers, investigators, former U.S. government officials, lawyers and hackers, plus a review of court records from seven countries. It also Read more about How mercenary hackers sway litigation battles – based on trove of Indian hackers[…]

OpenSea (NFT marketplace) 3rd party vendor leaked all customers’ email addresses – perfect suckers for phishing campaign list

An employee of OpenSea’s email delivery vendor Customer.io “misused” their access to download and share OpenSea users’ and newsletter subscribers’ email addresses “with an unauthorized external party,” Head of Security Cory Hardman warned on Wednesday. “If you have shared your email with OpenSea in the past, you should assume you were impacted,” Hardman continued. To Read more about OpenSea (NFT marketplace) 3rd party vendor leaked all customers’ email addresses – perfect suckers for phishing campaign list[…]

A wide range of routers are under attack by new, unusually sophisticated malware

[…]researchers from Lumen Technologies’ Black Lotus Labs say they’ve identified at least 80 targets infected by the stealthy malware, infecting routers made by Cisco, Netgear, Asus, and DrayTek. Dubbed ZuoRAT, the remote access Trojan is part of a broader hacking campaign that has existed since at least the fourth quarter of 2020 and continues to Read more about A wide range of routers are under attack by new, unusually sophisticated malware[…]

Attacking ML systems by changing  the order of the training data

Machine learning is vulnerable to a wide variety of attacks. It is now well understood that by changing the underlying data distribution, an adversary can poison the model trained with it or introduce backdoors. In this paper we present a novel class of training-time attacks that require no changes to the underlying dataset or model Read more about Attacking ML systems by changing  the order of the training data[…]

Samsung accused of cheating on hardware benchmarks – again

[…] The South Korean titan was said to have unfairly goosed Galaxy Note 3 phone benchmarks in 2013, and faced with similar allegations about the Galaxy S4 in 2018 settled that matter for $13.4 million. This time Samsung has allegedly fudged the results for its televisions, specifically the S95B QD-OLED and QN95B Neo OLED LCD Read more about Samsung accused of cheating on hardware benchmarks – again[…]

Planting Undetectable Backdoors in Machine Learning Models

We show how a malicious learner can plant an undetectable backdoor into a classifier. On the surface, such a backdoored classifier behaves normally, but in reality, the learner maintains a mechanism for changing the classification of any input, with only a slight perturbation. Importantly, without the appropriate “backdoor key”, the mechanism is hidden and cannot Read more about Planting Undetectable Backdoors in Machine Learning Models[…]

Find you: an airtag which Apple can’t find in unwanted tracking

[…] In one exemplary stalking case, a fashion and fitness model discovered an AirTag in her coat pocket after having received a tracking warning notification from her iPhone. Other times, AirTags were placed in expensive cars or motorbikes to track them from parking spots to their owner’s home, where they were then stolen. On February Read more about Find you: an airtag which Apple can’t find in unwanted tracking[…]

What Is Pegasus Spyware? Why is it important? Infographic

If you’ve been following the latest news on government surveillance scandals around the world, the name Pegasus may have popped up in your feed. It’s a complex story, so we’ve put together an infographic explainer that covers all the basics. How does Pegasus work? Check. Which world leaders were targeted? Check. Astonishing subscription costs? Check. Read more about What Is Pegasus Spyware? Why is it important? Infographic[…]

GM Discloses Data Breach of Cars’ Locations, Mileage, Service

General Motors suffered a hack that exposed a significant amount of sensitive personal information on car owners—names, addresses, phone numbers, locations, car mileage, and maintenance history. The Detroit-based automaker revealed details of the incident in a breach disclosure filed with the California Attorney General’s Office on May 16. The disclosure explains that malicious login activity Read more about GM Discloses Data Breach of Cars’ Locations, Mileage, Service[…]

MGM Resorts’ 142m person customer data now leaked on Telegram for free

Miscreants have dumped on Telegram more than 142 million customer records stolen from MGM Resorts, exposing names, postal and email addresses, phone numbers, and dates of birth for any would-be identity thief. The vpnMentor research team stumbled upon the files, which totaled 8.7 GB of data, on the messaging platform earlier this week, and noted Read more about MGM Resorts’ 142m person customer data now leaked on Telegram for free[…]

Hackers deface Russian platforms and smart TVs to display anti-war messages

On the same day Russia celebrated its role in defeating Nazi Germany, many of the country’s online platforms were defaced in protest of the war in Ukraine. The Washington Post reported on Monday that Russians with smart TVs saw channel listings replaced with a message implicating them in the ongoing conflict. “The blood of thousands Read more about Hackers deface Russian platforms and smart TVs to display anti-war messages[…]

Hackers are now hiding malware in Windows Event Logs

Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild. The method enabled the threat actor behind the attack to plant fileless malware in the file system in an attack filled with techniques and modules designed Read more about Hackers are now hiding malware in Windows Event Logs[…]

Russian Cinemas Are Showing Pirated Movies Downloaded From Torrents

In response to Russia’s invasion of Ukraine, several Hollywood studios announced the immediate suspension of new releases in Russia. Unexpectedly, some Russian theaters are still able to show movies such as The Batman on the big screen but this isn’t down to the studios. The movies are sourced from illegal torrent sites and few seem Read more about Russian Cinemas Are Showing Pirated Movies Downloaded From Torrents[…]

U.S. and European partners take down hacker website RaidForums

WASHINGTON/THE HAGUE, April 12 (Reuters) – U.S. and European authorities said on Tuesday they had seized RaidForums, a popular website used by hackers to buy and sell stolen data, and the United States also unsealed charges against the website’s founder and chief administrator Diego Santos Coelho. Coelho, 21, of Portugal, was arrested in the United Read more about U.S. and European partners take down hacker website RaidForums[…]

Fraudsters use ‘fake emergency data requests’ to steal info

Cybercriminals have used fake emergency data requests (EDRs) to steal sensitive customer data from service providers and social media firms. At least one report suggests Apple, and Facebook’s parent company Meta, were victims of this fraud. Both Apple and Meta handed over users’ addresses, phone numbers, and IP addresses in mid-2021 after being duped by Read more about Fraudsters use ‘fake emergency data requests’ to steal info[…]

Viasat confirms satellite modems were wiped with AcidRain malware – 7th wiper deployed against Ukraine this year

A newly discovered data wiper malware that wipes routers and modems has been deployed in the cyberattack that targeted the KA-SAT satellite broadband service to wipe SATCOM modems on February 24, affecting thousands in Ukraine and tens of thousands more across Europe. The malware, dubbed AcidRain by researchers at SentinelOne, is designed to brute-force device Read more about Viasat confirms satellite modems were wiped with AcidRain malware – 7th wiper deployed against Ukraine this year[…]

Justice Department indicts four Russian government workers in energy sector hacks

The US Justice Department today announced indictments against four Russian government employees, who it alleges attempted a hacking campaign of the global energy sector that spanned six years and devices in roughly 135 countries. The two indictments were filed under seal last summer, and are finally being disclosed to the public. The DOJ’s decision to Read more about Justice Department indicts four Russian government workers in energy sector hacks[…]

British cops arrest seven < 21 yr kids in Lapsus$ crime gang probe after they break into and dox the tech giants

British cops investigating a cyber-crime group have made a string of arrests. Though City of London Police gave few details on Thursday, officers are said to be probing the notorious extortionware gang Lapsus$, and have detained and released seven people aged 16 to 21. In a statement, the force said: “Seven people between the ages Read more about British cops arrest seven < 21 yr kids in Lapsus$ crime gang probe after they break into and dox the tech giants[…]

Samsung Galaxy Source Code Stolen in Data Breach, might show they slow down specific apps

Samsung confirmed on Monday that a cybersecurity attack exposed sensitive internal data including source code for Galaxy smartphones. The group claiming responsibility for the attack, Lapsus$, is the same hacking outfit that breached Nvidia last week and leaked employee credentials and proprietary information onto the internet. In the Samsung hack, the group purportedly posted a Read more about Samsung Galaxy Source Code Stolen in Data Breach, might show they slow down specific apps[…]

Ukraine state media leaks details of 120,000 Russians soldier on website

Ukrainian news website Ukrainska Pravda says the nation’s Centre for Defence Strategies think tank has obtained the personal details of 120,000 Russian servicemen fighting in Ukraine. The publication has now shared this data freely on its website. The Register and others have been unable to fully verify the accuracy of the data from the leak. Read more about Ukraine state media leaks details of 120,000 Russians soldier on website[…]