Items tagged with Hackers
The Linus Tech Tips YouTube channel fell victim to hackers overnight, with the attackers using it to promote a fake crypto giveaway. During the time the channel was being recovered, users attempting to view the channel encountered a YouTube message, stating, "This account has been terminated for violating YouTube's...
Read more...
Pepsi Bottling Ventures (PBV) has suffered a major data breach, with hackers making off with a trove of sensitive information. The company has begun notifying affected individuals of this incident, but the details remain sparse. According to a sample of the security notice issued by PBV, unknown threat actors managed...
Read more...
We often report on phishing campaigns involving fraudulent customer support agents who trick victims into giving up sensitive information or installing malware on their systems. However, sometimes threat actors flip this script, instead posing as customers in need of help in order to prey on customer support agents...
Read more...
TA444 is an advanced persistent threat (APT) group believed to be associated with the North Korean government. However, rather than receiving financial backing from its government, the group seems to bring in revenue for the government. Unlike most state-backed APTs, such as China’s Aoqin Dragon or Iran’s Charming...
Read more...
BIT Mining Limited has published a news release disclosing that the cryptocurrency mining pool run by its subsidiary, BTC.com, suffered a cyberattack earlier this month on December 3. In the course of the attack, threat actors stole cryptocurrency valuing approximately $3 million in total. BIT Mining has informed...
Read more...
Back in August of this year, the password manager LastPass suffered a security breach that resulted in the theft of proprietary technical information and portions of the company’s source code. Hackers then used the stolen information to breach LastPass again at the end of November. Shortly after this follow-up breach...
Read more...
Back in October, a researcher at the cybersecurity firm Salt Security uncovered multiple security vulnerabilities in the LEGO BrickLink website that could have allowed hackers to hijack users’ accounts and arbitrarily read files on the the Amazon cloud server hosting the website. Upon making this discovery, the...
Read more...
The cuteness of kittens is widely recognized and appreciated on the internet, but there’s nothing cute about the Iranian Advanced Persistent Threat (APT) known as “Charming Kitten.” Also known as TA453 or APT42, this threat group has been conducting cyber espionage at the behest of the Iranian regime since at least...
Read more...
The first day of Pwn2Own Toronto 2022 has come and gone, and Samsung’s Galaxy S22 has had it rough, with more potential abuse yet to come. A variety of printers and routers from different companies have also taken some beatings. Pwn2Own is a hacking contest held every year by the Zero Day Initiative (ZDI), giving...
Read more...
The CEO of the password manager LastPass, Karim Toubba, has published a blog post on the company’s website disclosing a recent security breach. According to the blog post, this incident affected both LastPass and its affiliate company GoTo, with a similar blog post appearing on the GoTo website. With the help of the...
Read more...
Researchers at the cybersecurity firm ESET have discovered an active Android malware campaign that began in January 2022. The campaign in question distributes spyware injected into legitimate VPN apps. The researchers have tied this campaign to an advanced persistent threat (APT) group known as “Bahamut.”
Bahamut...
Read more...
Three days ago, users of the sports betting service DraftKings began reporting that their accounts had been hacked. In cases in which the hacked accounts contained funds, users reported the hackers attempting to withdraw their funds to newly added bank cards. Yesterday, DraftKings acknowledged these reports publicly...
Read more...
Yesterday, the cloud storage provider Dropbox disclosed a recent phishing attack targeting the company’s employees that resulted in unauthorized access to 130 of its GitHub repositories. Fortunately, the incident didn’t escalate to a breach affecting any users’ Dropbox content, passwords, or payment information...
Read more...
Over the weekend, a group of Iranian hackers stole a trove of files from a nuclear technology agency. However, rather than comprising a state-backed hacking group, the hackers in question identify as anti-regime hacktivists who operate under the name “Black Reward.” The group claims to have stolen at least 50 GB of...
Read more...
The Cyber Division of the US Federal Bureau of Investigation (FBI) has published a notice warning the healthcare industry of cyberattacks targeting healthcare payment processors. The attacks generally come in the form of phishing attacks that leverage employees’ publicly available Personally Identifiable Information...
Read more...
Cybersecurity researchers at Proofpoint have been keeping tabs on an Advanced Persistent Threat (APT) known as TA453 and recently found the threat actor employing a phishing technique that makes use of sock puppet email accounts. Sock puppets are alternate accounts or personas used in a deceptive manner by a single...
Read more...
The cybersecurity firm Group-IB published research today detailing how various threat actors are stealing Steam login credentials using browser windows. Specialists from the computer emegency response team at Group-IB (CERT-GIB) discovered over 150 phishing resources mimicking Steam in just the month of July. Steam...
Read more...
Threat intelligence firm Recorded Future has published a report concerning a long-term credential theft campaign targeting humanitarian, think tank, and government organizations. A hacking group known as RedAlpha is carrying out this ongoing campaign, and is known to have been active as far back as 2015. However, it...
Read more...
Earlier this year, we wrote about a vulnerability in Honda’s remote keyless entry (RKE) system that hackers could exploit to lock, unlock, and start certain Honda and Acura vehicles. This particular vulnerability was the result of Honda using fixed codes in its RKE system. Many Honda and Acura key fobs send the same...
Read more...
Last year, a hacker who goes by the name “pompompurin” managed to breach a Federal Bureau of Investigation (FBI) web portal and send out thousands of hoax emails from an official FBI email address. Just a couple weeks prior, pompompurin gained unauthorized access to the internal network of the stock trading app...
Read more...
Earlier this year, multiple US law enforcement agencies completed a joint operation with authorities from the United Kingdom, Europol, Portugal, Germany, Sweden, and Romania. This coordinated police action, dubbed Operation TOURNIQUET, culminated in the seizure of the RaidForums domain names, as well as the arrest of...
Read more...
Shortly after Russia invaded Ukraine near the beginning of this year, some prominent hacking groups announced that they would be joining the war within the digital realm. The hacking collective Anonymous declared cyberwar against the Russian government and has since been conducting cyberattacks on Russian and...
Read more...
