Hackers hacked by Nvidia Demand NVIDIA Open Source Their Drivers Or They Leak More Data

Hackers that infiltrated NVIDIA systems are now threatening to release more confidential information unless the company commits to open sourcing their drivers. It is unclear what the stolen data contains, but the group confirmed that there are 250GB of hardware related data in their possession. Furthermore, the group confirmed they have evaluated NVIDIA position, which Read more about Hackers hacked by Nvidia Demand NVIDIA Open Source Their Drivers Or They Leak More Data[…]

Yet Another Israeli Malware Manufacturer Found Selling To Human Rights Abusers, Targeting iPhones

[…] Candiru — another Israeli firm with a long list of questionable customers, including Uzbekistan, Saudi Arabia, United Arab Emirates, and Singapore. Now there’s another name to add to the list of NSO-alikes. And (perhaps not oddly enough) this company also calls Israel home. Reuters was the first to report on this NSO’s competitor’s ability Read more about Yet Another Israeli Malware Manufacturer Found Selling To Human Rights Abusers, Targeting iPhones[…]

North Korea Hacked Him. So One Guy Took Down Its Internet

For the past two weeks, observers of North Korea’s strange and tightly restricted corner of the internet began to notice that the country seemed to be dealing with some serious connectivity problems. On several different days, practically all of its websites—the notoriously isolated nation only has a few dozen—intermittently dropped offline en masse, from the Read more about North Korea Hacked Him. So One Guy Took Down Its Internet[…]

Blockchain platform Wormhole says it’s retrieved the $324M stolen by hackers

[…] Hackers stole more than $324 million in cryptocurrency from Wormhole, the developers behind the popular blockchain bridge confirmed Wednesday. The platform provides a connection that allows for the transfer of cryptocurrency between different decentralized-finance blockchain networks. Wormhole said in a series of tweets Wednesday afternoon that thieves made off with 120,000 wETH, or wrapped Read more about Blockchain platform Wormhole says it’s retrieved the $324M stolen by hackers[…]

Finnish diplomats were targeted by NSO Pegasus spyware

Finland’s government says the mobile devices of its diplomats have been hacked using Pegasus spyware. The Finnish foreign ministry stated on Friday that some of its officials abroad had been targeted by the sophisticated software. “The highly sophisticated malware has infected users’ Apple or Android telephones without their noticing and without any action from the Read more about Finnish diplomats were targeted by NSO Pegasus spyware[…]

OpenSubtitles Hacked, 7 Million Subscribers’ Details Leaked Online

[…] “In August 2021 we received message on Telegram from a hacker, who showed us proof that he could gain access to the user table of opensubtitles.org, and downloaded a SQL dump from it. He asked for a BTC ransom to not disclose this to public and promise to delete the data,” the post reads. Read more about OpenSubtitles Hacked, 7 Million Subscribers’ Details Leaked Online[…]

Crypto.com Finally Acknowledges $34 Million Stolen by Hackers

Trading platform Crypto.com lost about $34 million worth of cryptocurrency in a hack on Monday, according to a new blog post by the company published overnight. The company had previously declined to say much about the hack, which forced users to stop withdrawals for most of the day, and only reassured customers they wouldn’t lose Read more about Crypto.com Finally Acknowledges $34 Million Stolen by Hackers[…]

Microsoft warns of destructive cyberattack on Ukrainian computer networks

Microsoft warned Saturday evening that it had detected a highly destructive form of malware in dozens of government and private computer networks in Ukraine that appeared to be waiting to be triggered by an unknown actor. In a blog post, the company said that Thursday — around the same time that government agencies in Ukraine Read more about Microsoft warns of destructive cyberattack on Ukrainian computer networks[…]

Did you always want to hack an ESA satellite? Now’s your chance

The European Space Agency (ESA) is inviting applications from attackers who fancy having a crack at its OPS-SAT spacecraft. It’s all in the name of ethical hacking, of course. The plan is to improve the resilience and security of space assets by understanding the threats dreamed up by security professionals and members of the public Read more about Did you always want to hack an ESA satellite? Now’s your chance[…]

Russia Arrests Members of Notorious Ransomware Gang REvil

[…] The Federal Security Service (FSB), Russia’s domestic intelligence agency, said in a press release Friday that it had recently conducted raids at 25 residences across Moscow, Leningrad, Lipetsk, and St. Petersburg, where 14 members of the cybercriminal gang were arrested. During the raids, authorities seized more than 426 million rubles, $600,000, and €500,000, along Read more about Russia Arrests Members of Notorious Ransomware Gang REvil[…]

Teen hacker finds bug that lets him control 25+ Teslas remotely. Also 1000s of auth tokens expired silmutaneously

A young hacker and IT security researcher found a way to remotely interact with more than 25 Tesla electric vehicles in 13 countries, according to a Twitter thread he posted yesterday. David Colombo explained in the thread that the flaw was “not a vulnerability in Tesla’s infrastructure. It’s the owner’s faults.” He claimed to be Read more about Teen hacker finds bug that lets him control 25+ Teslas remotely. Also 1000s of auth tokens expired silmutaneously[…]

Ransomware puts New Mexico prison in lockdown, closes doors, security cameras to personnel

[…] Commissioners told the court that all of Bernalillo County, which covers the US state of New Mexico’s largest city Albuquerque, had been affected by a January 5, 2022, ransomware attack, including the Metropolitan Detention Center (MDC) that houses some of the state’s incarcerated. […] Over the phone, a spokesperson for the facility told The Read more about Ransomware puts New Mexico prison in lockdown, closes doors, security cameras to personnel[…]

T-Mobile Has Suffered Yet Another Data Breach

The news comes via internal documents shared with The T-Mo Report, embedded below. They state that there was “unauthorized activity” on some customer accounts. That activity was either the viewing of customer proprietary network information (CPNI), an active SIM swap by a malicious actor, or both. This comes just on the heels of a previous Read more about T-Mobile Has Suffered Yet Another Data Breach[…]

UK National Crime Agency finds 225 million previously unexposed passwords

The United Kingdom’s National Crime Agency and National Cyber Crime Unit have uncovered a colossal trove of stolen passwords. We know this because Troy Hunt, of Have I Been Pwned (HIBP) fame, yesterday announced the agency has handed them over to his service, which lets anyone conduct a secure search of stolen passwords to check Read more about UK National Crime Agency finds 225 million previously unexposed passwords[…]

How NSO Group’s zero-click iPhone-Hacking Exploit Works

[…] researchers managed to technically deconstruct just how one of the company’s notorious “zero-click” attacks work. Indeed, researchers with Google’s Project Zero published a detailed break-down that shows how an NSO exploit, dubbed “FORCEDENTRY,” can swiftly and silently take over a phone. […] Initial details about it were captured by Citizen Lab, a research unit Read more about How NSO Group’s zero-click iPhone-Hacking Exploit Works[…]

Hackers Steal $135 Million From Users of Crypto Gaming Company

In the latest hack targeting cryptocurrency investors, hackers stole around $135 million from users of the  blockchain gaming company VulcanForge, according to the company. The hackers stole the private keys to access 96 wallets, siphoning off 4.5 million PYR, which is VulcanForge’s token that can be used across its ecosystem, the company said in a Read more about Hackers Steal $135 Million From Users of Crypto Gaming Company[…]

Ukraine arrests 51 for selling data of 300 million people in US, EU

Ukrainian law enforcement arrested 51 suspects believed to have been selling stolen personal data on hacking forums belonging to hundreds of millions worldwide, including Ukraine, the US, and Europe. “As a result of the operation, about 100 databases of personal data relevant for 2020-2021 were seized,” the Cyberpolice Department of the National Police of Ukraine Read more about Ukraine arrests 51 for selling data of 300 million people in US, EU[…]

Log4Shell: RCE 0-day exploit found in log4j2, a popular Java logging package, hugely popular

A few hours ago, a 0-day exploit in the popular Java logging library log4j2 was discovered that results in Remote Code Execution (RCE) by logging a certain string. Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is Read more about Log4Shell: RCE 0-day exploit found in log4j2, a popular Java logging package, hugely popular[…]

Cuba ransomware gang scores almost $44m from 49 victims: FBI

The US Federal Bureau of Investigation (FBI) says 49 organisations, including some in government, were hit by Cuba ransomware as of early November this year. The attacks were spread across five “critical infrastructure”, which, besides government, included the financial, healthcare, manufacturing, and – as you’d expect – IT sectors. The Feds said late last week Read more about Cuba ransomware gang scores almost $44m from 49 victims: FBI[…]

$150m – $200m of digital assets stolen in BitMart security breach

Cryptocurrency exchange BitMart has coughed to a large-scale security breach relating to ETH and BSC hot wallets. The company reckons that hackers made off with approximately $150m in assets. Security and analytics outfit PeckShield put the figure at closer to $200m. “We have identified a large-scale security breach related to one of our ETH hot Read more about $150m – $200m of digital assets stolen in BitMart security breach[…]

Suspected Russian Activity Targeting Government and Business Entities Around the Globe after Solarwinds

Mandiant continues to track multiple clusters of suspected Russian intrusion activity that have targeted business and government entities around the globe. Based on our assessment of these activities, we have identified two distinct clusters of activity, UNC3004 and UNC2652. We associate both groups with UNC2452 also referred to as Nobelium by Microsoft. Some of the Read more about Suspected Russian Activity Targeting Government and Business Entities Around the Globe after Solarwinds[…]

Someone is hacking receipt printers with ‘antiwork’ messages

Hackers are attacking business receipt printers to insert pro-labor messages, according to a report from Vice and posts on Reddit. “Are you being underpaid?”, reads one message and “How can the McDonald’s in Denmark pay their staff $22 an hour and still manage to sell a Big Mac for less than in America?” another states. Numerous Read more about Someone is hacking receipt printers with ‘antiwork’ messages[…]

Someone Is Running Hundreds of Malicious Servers on Tor Network

New research shows that someone has been running hundreds of malicious servers on the Tor network, potentially in an attempt to de-anonymize users and unmask their web activity. As first reported by The Record, the activity would appear to be emanating from one particular user who is persistent, sophisticated, and somehow has the resources to Read more about Someone Is Running Hundreds of Malicious Servers on Tor Network[…]

U.S. State Department phones hacked with Israeli company NSO spyware

Apple Inc iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, according to four people familiar with the matter. The hacks, which took place in the last several months, hit U.S. officials either based in Uganda or focused on matters Read more about U.S. State Department phones hacked with Israeli company NSO spyware[…]

Really stupid “smart contract” bug let hackers steal $31 million in digital coin

Blockchain startup MonoX Finance said on Wednesday that a hacker stole $31 million by exploiting a bug in software the service uses to draft smart contracts. The company uses a decentralized finance protocol known as MonoX that lets users trade digital currency tokens without some of the requirements of traditional exchanges. “Project owners can list Read more about Really stupid “smart contract” bug let hackers steal $31 million in digital coin[…]