Ukrainian law enforcement arrested 51 suspects believed to have been selling stolen personal data on hacking forums belonging to hundreds of millions worldwide, including Ukraine, the US, and Europe. “As a result of the operation, about 100 databases of personal data relevant for 2020-2021 were seized,” the Cyberpolice Department of the National Police of Ukraine Read more about Ukraine arrests 51 for selling data of 300 million people in US, EU[…]

A few hours ago, a 0-day exploit in the popular Java logging library log4j2 was discovered that results in Remote Code Execution (RCE) by logging a certain string. Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is Read more about Log4Shell: RCE 0-day exploit found in log4j2, a popular Java logging package, hugely popular[…]

The US Federal Bureau of Investigation (FBI) says 49 organisations, including some in government, were hit by Cuba ransomware as of early November this year. The attacks were spread across five “critical infrastructure”, which, besides government, included the financial, healthcare, manufacturing, and – as you’d expect – IT sectors. The Feds said late last week Read more about Cuba ransomware gang scores almost $44m from 49 victims: FBI[…]

Cryptocurrency exchange BitMart has coughed to a large-scale security breach relating to ETH and BSC hot wallets. The company reckons that hackers made off with approximately $150m in assets. Security and analytics outfit PeckShield put the figure at closer to $200m. “We have identified a large-scale security breach related to one of our ETH hot Read more about $150m – $200m of digital assets stolen in BitMart security breach[…]

Mandiant continues to track multiple clusters of suspected Russian intrusion activity that have targeted business and government entities around the globe. Based on our assessment of these activities, we have identified two distinct clusters of activity, UNC3004 and UNC2652. We associate both groups with UNC2452 also referred to as Nobelium by Microsoft. Some of the Read more about Suspected Russian Activity Targeting Government and Business Entities Around the Globe after Solarwinds[…]

Hackers are attacking business receipt printers to insert pro-labor messages, according to a report from Vice and posts on Reddit. “Are you being underpaid?”, reads one message and “How can the McDonald’s in Denmark pay their staff $22 an hour and still manage to sell a Big Mac for less than in America?” another states. Numerous Read more about Someone is hacking receipt printers with ‘antiwork’ messages[…]

New research shows that someone has been running hundreds of malicious servers on the Tor network, potentially in an attempt to de-anonymize users and unmask their web activity. As first reported by The Record, the activity would appear to be emanating from one particular user who is persistent, sophisticated, and somehow has the resources to Read more about Someone Is Running Hundreds of Malicious Servers on Tor Network[…]

Apple Inc iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, according to four people familiar with the matter. The hacks, which took place in the last several months, hit U.S. officials either based in Uganda or focused on matters Read more about U.S. State Department phones hacked with Israeli company NSO spyware[…]

Blockchain startup MonoX Finance said on Wednesday that a hacker stole $31 million by exploiting a bug in software the service uses to draft smart contracts. The company uses a decentralized finance protocol known as MonoX that lets users trade digital currency tokens without some of the requirements of traditional exchanges. “Project owners can list Read more about Really stupid “smart contract” bug let hackers steal $31 million in digital coin[…]

Finland is working to stop a flood of text messages of an unknown origin that are spreading malware. The messages with malicious links to malware called FluBot number in the millions, according to Aino-Maria Vayrynen, information security specialist at the National Cyber Security Centre. Telia Co AB, the country’s second-biggest telecommunications operator, has intercepted some Read more about Malware Attack Via Millions of Phishing Text Messages Spreads in Finland[…]

GoDaddy has admitted to America’s financial watchdog that one or more miscreants broke into its systems and potentially accessed a huge amount of customer data, from email addresses to SSL private keys. In a filing on Monday to the SEC, the internet giant said that on November 17 it discovered an “unauthorized third-party” had been Read more about GoDaddy Managed WordPress compromised, 1.2m peoples data exposed – sftp, ssl keys, admin passwords, etc[…]

A Canadian teenager has been arrested for allegedly stealing $37 million worth of cryptocurrency ($46M Canadian) via a SIM swap scam, making it the largest virtual cash heist affecting a single person yet, according to police. Together with the FBI and the US Secret Service Electronic Crimes Task Force, Hamilton Police in the Canadian province Read more about Canadian teen arrested for stealing $36.5m of cryptocurrency[…]

A 36-year-old man from Portage, Michigan, was arrested on Thursday for allegedly renting thousands of textbooks from Amazon and selling them rather than returning them. […] Also indicted were three alleged co-conspirators: Gregory Mark Gleesing, 43, and Lovedeep Singh Dhanoa, 25, both from Portage, Michigan, and Paul Steven Larson, 32, from Kalamazoo, Michigan From January Read more about Amazon textbook rental service scammed for $1.5m[…]

The FBI appears to have been used as a pawn in a fight between hackers and security researchers. According to Bleeping Computer, the FBI has confirmed intruders compromised its email servers early today (November 13th) to send fake messages claiming recipients had fallen prone to data breaches. The emails tried to pin the non-existent attacks Read more about FBI email servers were hacked to target a security researcher[…]

This is the full story of the Azure ChaosDB Vulnerability that was discovered and disclosed by the Wiz Research Team, where we were able to gain complete unrestricted access to the databases of several thousand Microsoft Azure customers. In August 2021, we disclosed to Microsoft a new vulnerability in Cosmos DB that ultimately allowed us Read more about ChaosDB Explained: Azure’s Cosmos DB Vulnerability Walkthrough – how to pwn all MS Azure’s hosted databases for all customers – also shows value of responsible disclosure[…]

As we head into another Northern Hemisphere pandemic winter and hope that things won’t be quite as bad this year, next summer seems an extremely long time away in the future. But it will be upon us sooner than we might think, and along with it will we hope come a resumption of full-scale hacker Read more about Got Anything To Talk About? These Dutch Hackers Want You To Say It To Them[…]

Someone recently hacked and attempted to extort Robinhood, the popular investment and trading platform, gaining access to millions of customers’ email addresses and full names in the process. The platform revealed the security incident in a blog post published Monday, assuring users that nobody had lost any money as a result of the incident. “An Read more about Robinhood Hack Compromises Millions of Customer Email Addresses[…]

Hackers have stolen an estimated $130 million worth of cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform that allows users to loan and speculate on cryptocurrency price variations. The incident, detected earlier today by blockchain security firms PeckShield and SlowMist, was confirmed by the Cream Finance team earlier today. The attackers are believed to have found a vulnerability Read more about Hackers steal $130 million from Cream Finance; the company’s 3rd hack this year[…]

A hacker has breached the Argentinian government’s IT network and stolen ID card details for the country’s entire population, data that is now being sold in private circles. The hack, which took place last month, targeted RENAPER, which stands for Registro Nacional de las Personas, translated as National Registry of Persons. The agency is a crucial cog Read more about Hacker steals government ID database for Argentina’s entire population[…]

[…]A hacker gang, […] has been infiltrating telecoms throughout the world to steal phone records, text messages, and associated metadata directly from carrier users. That’s according to a new report from cybersecurity firm CrowdStrike, which published a technical analysis of the mysterious group’s hacking campaign on Tuesday. The report, which goes into a significant amount Read more about Cybercrime Group Has Hacked Telecoms All Over the World since at least 2016[…]

An Israeli researcher has demonstrated that LAN cables’ radio frequency emissions can be read by using a $30 off-the-shelf setup, potentially opening the door to fully developed cable-sniffing attacks. Mordechai Guri of Israel’s Ben Gurion University of the Negev described the disarmingly simple technique to The Register, which consists of putting an ordinary radio antenna Read more about LANtenna attack reveals Ethernet cable traffic contents from a distance[…]

A woman allegedly hacked into the systems of a flight training school in Florida to delete and tamper with information related to the school’s airplanes. In some cases, planes that previously had maintenance issues had been “cleared” to fly, according to a police report. The hack, according to the school’s CEO, could have put pilots Read more about Woman Allegedly Hacked Flight School, Cleared Planes With Maintenance Issues to Fly[…]

Microsoft said its Azure cloud service mitigated a 2.4 terabytes per second (Tbps) distributed denial of service attack this year, at the end of August, representing the largest DDoS attack recorded to date. Amir Dahan, Senior Program Manager for Azure Networking, said the attack was carried out using a botnet of approximately 70,000 bots primarily Read more about Microsoft said it mitigated a 2.4 Tbps DDoS attack, the largest ever[…]