Items tagged with cybersecurity
Last week, a massive security breach rocked Uber, with a teenage hacker claiming credit for the incident. Then, over the weekend, someone claiming to be this same hacker leaked Grand Theft Auto (GTA) 6 gameplay footage on the GTA forums. The developer of the GTA series, Rockstar Games, later confirmed the authenticity...
Read more...
The popular rideshare company Uber announced last evening that it was responding to a cybersecurity incident but didn’t provide any further details other than to say that the company was in contact with law enforcement. However, it didn’t take long for information regarding the incident to leak. An unknown threat...
Read more...
Cybersecurity researchers at Proofpoint have been keeping tabs on an Advanced Persistent Threat (APT) known as TA453 and recently found the threat actor employing a phishing technique that makes use of sock puppet email accounts. Sock puppets are alternate accounts or personas used in a deceptive manner by a single...
Read more...
The cybersecurity firm Group-IB published research today detailing how various threat actors are stealing Steam login credentials using browser windows. Specialists from the computer emegency response team at Group-IB (CERT-GIB) discovered over 150 phishing resources mimicking Steam in just the month of July. Steam...
Read more...
Research conducted by a team at the firmware security firm Binarly reveals that six vulnerabilities remain unpatched in various enterprise-grade HP laptops and desktops despite HP having developed patches for these vulnerabilities. Binarly discovered three of these vulnerabilities last year and notified HP of their...
Read more...
After introducing video end-to-end encryption (E2EE) for a subset of its wired doorbell and camera devices over a year ago, Ring has announced that it is now extending this capability to its wireless devices. While the company doesn’t specify in its announcement which of its battery-powered devices will support E2EE...
Read more...
The outdoor recreational apparel brand The North Face has reportedly been hit by a major credential stuffing attack. In a credential stuffing attack, threat actors take user login credentials exposed in unrelated data breaches and enter them into a targeted website or service. This form of cyberattack takes advantage...
Read more...
Cybersecurity researchers from Palo Alto Networks’ Unit 42 have discovered a campaign exploiting multiple vulnerabilities in D-Link routers to spread botnet malware. A botnet is a network of compromised consumer or enterprise devices controlled by a threat actor to carry out malicious tasks, such as mining...
Read more...
Last week, Microsoft revealed a vulnerability in the TikTok Android app that threat actors potentially could have exploited to hijack TikTok user accounts with a single click. Fortunately, TikTok patched the vulnerability earlier this year before its disclosure. However, shortly after Microsoft publicly disclosed the...
Read more...
A nasty bit of Android malware previously lurking on the Google Play Store has returned with additional capabilities. Known as SharkBot, the malware is designed to steal user login credentials, particularly credentials used to access financial applications. The malware has also been found to initiate money transfers...
Read more...
A new report by Microsoft details a vulnerability in the TikTok Android app that threat actors could have exploited to hijack user accounts with a single click. The vulnerability appears in the National Vulnerability Database with the Common Vulnerabilities and Exposures (CVE) identifier CVE-2022-28799 and a high...
Read more...
The password manager LastPass has published a blog post notifying users of a recent data breach. According to the CEO, Karim Toubba, the breach affected parts of the company’s development environment but did not touch any databases containing user data or passwords. Rather than stealing user information, it seems that...
Read more...
A new report by cybersecurity firm Mandiant details an ongoing hacking campaign targeting Microsoft 365. The threat actor behind this campaign is an advanced persistent threat (APT) known as “Cozy Bear” or simply “APT29.” APT29 is thought to be a Russian hacking group sponsored by the Russian Foreign Intelligence...
Read more...
Plex, a company that provides media streaming solutions, sent out emails early this morning informing users of a data breach. According to the notice, Plex launched an investigation yesterday after discovering suspicious activity on one of its databases. The investigation revealed that a third-party actor managed to...
Read more...
Over the weekend, a ransomware attack hit a French hospital, forcing the facility to turn away patients. The staff of the affected hospital, the Centre Hospitalier Sud Francilien (CHSF), has had to return to using pen and paper to keep track of patients, as the main computer systems have been rendered inaccessible...
Read more...
We wrote last week about research showing that Meta takes advantage of the in-app browser feature on mobile devices to inject JavaScript into web pages viewed in the Facebook, Instagram, and Messenger mobile apps. Now that same researcher has found that the TikTok in-app browser injects JavaScript which functions...
Read more...
Threat intelligence firm Recorded Future has published a report concerning a long-term credential theft campaign targeting humanitarian, think tank, and government organizations. A hacking group known as RedAlpha is carrying out this ongoing campaign, and is known to have been active as far back as 2015. However, it...
Read more...
An Android banking Trojan with an already extensive toolkit recently gained a ransomware module. While banking malware is an all too prevalent a threat for mobile devices, ransomware isn’t a technique commonly deployed against mobile devices, making this particular piece of malware notable. Banking Trojans come in the...
Read more...
Facebook’s collection and sale of user data for advertising purposes took a huge hit when Apple introduced its App Tracking Transparency (ATT) feature, with Facebook projecting that it will lose out on $10 billion in revenue this year. However, it appears that Meta, Facebook’s parent company, may still have some...
Read more...
Cloudflare says that it was hit by the same smishing (sms phishing) attack that recently resulted in a user data breach at Twilio. However, unlike Twilio, Cloudflare managed to prevent the attack from escalating to a data breach thanks to its strong security measures. While the attackers managed to steal login...
Read more...
Microsoft has finally released a security update that addresses a zero-day vulnerability that went unpatched for more than two years. The vulnerability, known as DogWalk, appears in the national vulnerability index as CVE-2022-34713. Microsoft has assigned the vulnerability a high severity rating of 7.8. The company’s...
Read more...
If we’ve learned anything from reporting on phishing attacks, it’s that no company, organization, or institution is immune from becoming the victim of one. Even the US Department of Defense recently fell victim to a $23.5 million phishing scam. If anything, larger organizations simply make for larger and more...
Read more...
