Items tagged with cybersecurity
Early in January, Bitcoin saw a healthy spike up to $45,000 following some excitement surrounding Bitcoin exchange-traded-funds. This trend has continued with some ups and downs in the middle, but regardless, people have been rather excited about the prospects. So much so that one person elected to hack the SEC X...
Read more...
In December of last year, genetic testing company 23andMe suffered a significant data breach. Since then, the company has been dealing with the fallout, which includes several class action lawsuits from customers whose data was compromised. However, 23andMe is shifting some blame onto its customers, blaming them for...
Read more...
Password managers are not perfect. Recently, LastPass was blamed for millions in stolen neing crypto and KeePass is downplaying password database theft. Bitwarden may ne next to catch some flak. It turns out a penetration test discovered that unlocking a password vault with Windows Hello biometrics could be bypassed...
Read more...
As we closed out 2023, the world of cybersecurity settled just a touch as threat actors and defenders went off to celebrate the holiday in a seemingly unspoken Christmas truce. Nothing good can last forever, though, as the Cybersecurity and Infrastructure Security Agency (CISA) makes clear with an update to the Known...
Read more...
Earlier in the year, Apple fixed several vulnerabilities, which, when exploited, allowed Operation Triangulation spyware to make its way onto devices with zero interaction required. Since then, researchers have been uncovering all the components that made up the attack chain for the spyware campaign, and what they...
Read more...
Through 2022, the LAPSUS$ threat actor group went on a tear, breaching companies like NVIDIA, Samsung, Microsoft, and Rockstar. The latter of these breaches resulted in quite a bit of game leaks related to GTA IV, revealing details that would later be confirmed in the official GTA IV trailer. Some, if not all, of the...
Read more...
In the threat intelligence and cybersecurity space, an interesting development has unfolded over the past few days regarding BlackCat or ALPHV, the group behind the Reddit security breach and the more recent 23AndMe data breach. It initially appeared as though the FBI had seized the group’s website, though BlackCat...
Read more...
Earlier this month, ransomware group Rhysida announced that it had breached Sony’s Insomniac Games, taken files, and was purportedly demanding a ransom of $2 million. It has been a week since then, and thus the deadline has passed to pay the ransom, so Rhysida has elected to publish the 1.67 terabytes of data it...
Read more...
It would seem that Toyota cannot catch a break. Just weeks after discovering the company ran out of server disk space, shutting down production lines, and that Toyota vehicles could be compromised through the headlights, the company is telling German customers that some of their personal data may have been compromised...
Read more...
General Electric is primarily known for its spinning things, like washing machines, supersonic engines, or the GAU-8/A Avenger 30mm seven-barrel cannon mounted on the A-10 Warthog and CIWS weapon system. All goofs aside, GE is quite a broad company with connections in nearly every sector of the economy. Therefore, it...
Read more...
The Russian espionage machine is both vast and prolific, as shown by a recent Russian code outbreak making its way into U.S. government systems. With the war in Ukraine in full swing, this behemoth of a program is not only throwing tools and resources at Ukraine, but is also driving its efforts into other countries...
Read more...
Ransomware gang BlackCat, otherwise known as ALPHV, is after the public spotlight following the Reddit data breach debacle earlier this year. Now, the group has breached another organization with MeridianLink and is causing a stir by filing a complaint with the Securities and Exchange Commission (SEC) to try and spur...
Read more...
Software vulnerabilities come and go, but vulnerabilities found in hardware are significantly harder to deal with and lead to more problems, such as with Hertzbleed and that family of security issues that sprung up from simple clock management techniques. Now, researchers have found a new problem with AMD EPYC...
Read more...
The Lockbit ransomware group has breached a number of high-profile organizations and companies, such as TSMC in Taiwan, which is effectively the global leader in silicon production. Most recently, though, the international aeronautic and telecommunications company Boeing seemingly fell victim to the group, and...
Read more...
Generative AI ChatGPT has seen exponential growth in the past few months, recently crossing the 100 million weekly active users. However, with all this popularity, a target was perhaps painted on the back of OpenAI and ChatGPT by threat actors looking to make a quick buck or cause mayhem. It seems the latter is what...
Read more...
Threat actors have gotten increasingly more creative with their methods, embedding them in devices while evading defensive blue teams along the way. The situation is akin to over-prescription of antibiotics, which could eventually lead to a superbug, but with criminal hackers devising creative and innovative ways to...
Read more...
In case you weren't aware, VMware operates a security arm called Carbon Black. On Halloween, Carbon Black's Threat Analysis Unit (TAU) announced that it had found 34 different vulnerable Windows drivers that had firmware access. To be clear, that's 34 unique filenames; the actual number of different driver files is...
Read more...
Building supply and home improvement company Ace Hardware has seemingly suffered a severe cybersecurity attack and is dealing with the fallout. After an email notice surfaced on Reddit, online sales have gone down, and outbound shipments are on hold while the breach is dealt with. While there has been no direct...
Read more...
Ransomware has become one of the most prevalent means by which threat actors generate revenue, creating a billion-dollar underground industry. Given this financial reality, ransomware gangs are working constantly to outsmart the authorities trying to stop them, though that has not seemed to work. Now, the Biden...
Read more...
With a purported userbase of over 500 million, WinRAR is one of the world’s most popular file compression tools thanks in part to its never-ending free trial. However, with such prevalence, WinRAR is also a juicy target for hackers to gain a foothold or escalation on a device. Google’s Threat Analysis Group (TAG) has...
Read more...
'
Discord is a great voice, text, and video platform that allows friends, family, and communities of all types to connect in a common space. However, it’s been known that Discord has been used for some terrible things, such as the massive leak of intelligence from the U.S. Pentagon. Now, threat actors are leveraging...
Read more...
Cloud gaming has many advantages, such as lowering the barrier to entry to triple-A titles that require beefier and beefier hardware these days. However, one downside to this ecosystem is that there is a vast centralized dataset that could make for a rather juicy target for hackers. This is exactly what ShadowPC, a...
Read more...