Items tagged with cybersecurity
BIT Mining Limited has published a news release disclosing that the cryptocurrency mining pool run by its subsidiary, BTC.com, suffered a cyberattack earlier this month on December 3. In the course of the attack, threat actors stole cryptocurrency valuing approximately $3 million in total. BIT Mining has informed...
Read more...
Back in August of this year, an unknown actor operating under the username “devil” posted information relating to 5.4 million Twitter users for sale on BreachForums. This data included the email addresses and phone numbers tied to users’ accounts. Now, someone with the username “Ryushi” claims to be selling a similar...
Read more...
Back in August of this year, the password manager LastPass suffered a security breach that resulted in the theft of proprietary technical information and portions of the company’s source code. Hackers then used the stolen information to breach LastPass again at the end of November. Shortly after this follow-up breach...
Read more...
iRobot’s automated Roomba vacuum cleaners have been navigating households for many years using infrared sensors. However, the company has equipped some of its more recent Roomba models with visible light cameras. As it turns out, these cameras can capture images of people in compromising positions, and these images...
Read more...
Earlier this year, researchers from the threat intelligence group Red Canary identified an infectious computer worm that was found to have been present in customers’ environments going back to September 2021. According to later analysis by Microsoft, this malware, which researchers named “Raspberry Robin,” may date as...
Read more...
An investigation conducted by the Secret Service’s Cyber Fraud Task Force (CFTF) and Internal Revenue Service - Criminal Investigation (IRS-CI) has resulted in the arrest and conviction of a former T-Mobile employee by the name of Argishti Khudaverdyan. Now 44 years old, Khudaverdyan used stolen T-Mobile credentials...
Read more...
Gemini, the cryptocurrency exchange founded by the Winklevoss twins, published a blog post this week warning about phishing campaigns targeting its customers. These phishing campaigns are likely related to a previously undisclosed data breach that exposed the email addresses of the exchange’s 5.7 million customers...
Read more...
Back in October, a researcher at the cybersecurity firm Salt Security uncovered multiple security vulnerabilities in the LEGO BrickLink website that could have allowed hackers to hijack users’ accounts and arbitrarily read files on the the Amazon cloud server hosting the website. Upon making this discovery, the...
Read more...
Joint research conducted by cybersecurity firms Checkmarx and Illustria has revealed a massive phishing campaign that flooded open source repositories with over 144,000 packages. Unlike many other campaigns that involve the distribution of software packages, this newly discovered campaign didn’t attempt to distribute...
Read more...
The cuteness of kittens is widely recognized and appreciated on the internet, but there’s nothing cute about the Iranian Advanced Persistent Threat (APT) known as “Charming Kitten.” Also known as TA453 or APT42, this threat group has been conducting cyber espionage at the behest of the Iranian regime since at least...
Read more...
A researcher at the cloud security company Lightspin recently discovered a flaw in the Amazon Web Services (AWS) Elastic Container Registry (ECR) Public Gallery that threat actors could have exploited to delete or modify container images with billions of downloads. The leveraging of an exploit in this manner would...
Read more...
In the course of investigating an Android banking Trojan known as “Ermac,” cybersecurity researchers at ThreatFabric recently discovered a service that takes legitimate apps and turns them into Trojans. The researchers have named this service “Zombinder,” as it binds a malware dropper to legitimate apps, effectively...
Read more...
This week, the Health Sector Cybersecurity Coordination Center (HC3), which is part of the US Department of Health and Human Service (HHS), issued a report warning the healthcare industry about the threat posed by a new ransomware group that operates under the name “Royal.” This report comes a little over a month after the Biden administration
Read more...
Yesterday, Apple announced a set of new security features coming soon to iPhones. Among these features is an option to enable end-to-end encryption (E2EE) for iCloud backups. US users are slated to be the first group for which this feature will be widely available, with Apple targeting the end of the year for its US...
Read more...
The first day of Pwn2Own Toronto 2022 has come and gone, and Samsung’s Galaxy S22 has had it rough, with more potential abuse yet to come. A variety of printers and routers from different companies have also taken some beatings. Pwn2Own is a hacking contest held every year by the Zero Day Initiative (ZDI), giving...
Read more...
Last week, Google began pushing out an update to its Chrome browser that fixes a critical security vulnerability in the browser’s JavaScript engine. Google noted in its blog post about the update that an exploit for this vulnerability is out in the wild. Then, on Monday, the Cybersecurity and Infrastructure Security...
Read more...
Edward Snowden, the former NSA contractor turned mass surveillance whistleblower, officially became a Russian citizen in September of this year when Russian president Vladimir Putin signed a decree granting citizenship to Snowden and seventy-four other foreigners residing in the country. Last week, Snowden’s lawyer...
Read more...
The cybersecurity firm Zimperium, has published a blog post detailing a recently discovered Android malware campaign that has been ongoing since 2018. This campaign spreads a set of malicious apps the researchers are calling the “Schoolyard Bully Trojan” on account of the fact that the malicious apps are disguised as...
Read more...
The CEO of the password manager LastPass, Karim Toubba, has published a blog post on the company’s website disclosing a recent security breach. According to the blog post, this incident affected both LastPass and its affiliate company GoTo, with a similar blog post appearing on the GoTo website. With the help of the...
Read more...
The proliferation of “smart” devices within the home has raised privacy concerns as it has become more apparent that the companies selling these devices often have access to data and media collected by the devices. Eufy, a sub-brand of the popular Chinese electronics manufacturer Anker Innovations, tries to capitalize...
Read more...
TikTok’s meteoric rise is due, in part, to viral challenges that spread on the social media platform. Some of these challenges are not only dumb, but down right dangerous. One of the more recent challenges revolves around a TikTok filter that masks people’s bodies with a blur of color intended to match the background...
Read more...
The holiday season at the end of the year is a busy time for online shoppers, between taking advantage of the best Black Friday and Cyber Monday deals and ordering gifts for friends and family. Sadly, threat actors have no qualms with taking advantage of the high volume of packages in transit during this time to...
Read more...
