Security
Major breach exposes every Dutch police officer: state-sponsored actor suspected
The Dutch National Police suspect that a state-sponsored actor was behind a cyber attack that exposed nearly 63,000 officers’ names, email addresses, phone numbers, and, in some cases, other private information.
Read more about Major breach exposes every Dutch police officer: state-sponsored actor suspected
To catch a predator admin: the power of OSINT
This #OpChildSafety investigation began on March 12th, 2024, when one of my threat researchers from W1nterStorm, whom I shall refer to by the alias CR-2 (Confidential Researcher), discovered a Facebook group called 'Modeling 4 Kidz' that was not what it appeared to be.
Read more about To catch a predator admin: the power of OSINT
Five percent of all Adobe Commerce and Magento stores hacked, researchers say
Ray-Ban, National Geographic, Cisco, Whirlpool, and Segway are among the victims of a hacking campaign targeting merchants. The Sansec Forensics Team reported that attackers have already breached 4,275 online stores by exploiting a critical vulnerability affecting Adobe Commerce and Magento software.
Read more about Five percent of all Adobe Commerce and Magento stores hacked, researchers say
Fake trading apps infiltrate major app stores with a pig-butchering scheme
Cybercriminals are targeting Apple iOS and Android users in a large-scale fraud campaign involving fake trading apps, Group-IB’s threat intelligence analysts warn. Fake trading platforms pop up on app stores containing no malware to bypass defenses, yet allow attackers to extract significant funds.
Read more about Fake trading apps infiltrate major app stores with a pig-butchering scheme
True horror story for Outlast devs: major data breach will result in delays
Red Barrels, the creator of the psychological horror game Outlast franchise, has suffered a data breach.
Read more about True horror story for Outlast devs: major data breach will result in delays
Who owns your shiny new Pixel 9 phone? You can’t say no to Google’s surveillance
Google's latest flagship smartphone raises concerns about user privacy and security. It frequently transmits private user data to the tech giant before any app is installed. Moreover, the Cybernews research team has discovered that it potentially has remote management capabilities without user awareness or approval.
Read more about Who owns your shiny new Pixel 9 phone? You can’t say no to Google’s surveillance
Wave of record-breaking DDoS attacks originating from compromised WiFi routers
Cloudflare has disclosed a new largest-ever DDoS (distributed denial of service) attack, which peaked at 3.8 Tbps. This is equivalent to filling a 1 terabyte hard drive in less than three seconds. An unprecedented campaign of hyper-volumetric DDoS attacks tested defenses during September.
Read more about Wave of record-breaking DDoS attacks originating from compromised WiFi routers
Meta’s FIRE pulls thousands of ‘celeb bait’ scam ads off Facebook, Instagram
Meta’s new FIRE scam reporting tool for banks has led to the removal of thousands of celebrity clickbait and other fraudulent ads on Facebook and Instagram targeting users in Australia and the UK.
Read more about Meta’s FIRE pulls thousands of ‘celeb bait’ scam ads off Facebook, Instagram
CISA’s platform receives 2,400 unique vulnerability disclosures, researchers paid $335K
During its two years of operation, the Vulnerability Disclosure Policy (VDP) Platform, operated by the Cybersecurity and Infrastructure Security Agency (CISA), onboarded 51 agency programs and received over 12,000 submissions for vulnerabilities.
Read more about CISA’s platform receives 2,400 unique vulnerability disclosures, researchers paid $335K
Data leak hits Latin America’s financial institutions, leads point to fintech app
Digital banking platform Bankingly has leaked data from seven financial institutions, exposing clients across Central and South America.
Read more about Data leak hits Latin America’s financial institutions, leads point to fintech app
Roblox cheaters targeted by cybercriminals offering malicious gaming ‘hacks’
Dozens of malware variants targeting Roblox players have appeared online, taking the form of Python packages, Github repositories, and executable files. Cybersecurity researchers from Imperva warn that many of them were downloaded hundreds of times, with cybercrooks stealing money, data, and accounts.
Read more about Roblox cheaters targeted by cybercriminals offering malicious gaming ‘hacks’
What is Pango's UltraAV, which rose from the ashes of Kaspersky's US Exit?
After Kaspersky was forced to leave the US, millions of Americans unknowingly boarded a new ‘ship’ – UltraAV, an antivirus offering by Pango. Dr. Zulfikar Ramzan, Pango's CTO, explains they had little choice. Otherwise, millions would’ve been left without protection. The new ship is being built on a reliable 20-year-old foundation and will continue to improve as it sails.
Read more about What is Pango's UltraAV, which rose from the ashes of Kaspersky's US Exit?
Fan forum leaks Miami Dolphins supporters’ private messages
While supporting any sports team comes with a fair share of stress, aficionados of the NFL’s Miami Dolphins may have to worry about more than their favorite team conceding a touchdown.
Read more about Fan forum leaks Miami Dolphins supporters’ private messages
Critical printing system bugs affect hundreds of thousands of Linux machines
Linux systems running a printing system CUPS (Common Unix Printing System) are vulnerable to a critical exploit, enabling attackers to run remote code.
Read more about Critical printing system bugs affect hundreds of thousands of Linux machines
FBI warns of sophisticated Iranian hackers targeting personal accounts
Senior officials, current or former, journalists, activists, lobbyists, and senior think tank personnel are all targets of cyber threat actors working on behalf of the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC).
Read more about FBI warns of sophisticated Iranian hackers targeting personal accounts
Meta fined $100M for exposing plaintext passwords of millions of Facebook users
The Data Protection Commission (DPC) Ireland slaps Meta Platforms with a $100 million fine on Friday for exposing the plaintext passwords of a reported 600 million Facebook users to internal employees.
Read more about Meta fined $100M for exposing plaintext passwords of millions of Facebook users
Kia vulnerabilities could allow bad actors to steal your car
Security researchers have found a set of vulnerabilities that could allow bad actors to hack into Kia vehicles made after 2013 and steal the owner's personal information.
Read more about Kia vulnerabilities could allow bad actors to steal your car
Former affiliate upgrades to ransomware gang and launches its own attacks
Microsoft has discovered a new threat actor that previously operated as an affiliate for other ransomware-as-a-service gangs, including Hive, BlackCat (ALPHV), Hunters International, LockBit, and most recently, Embargo ransomware. Now, they’re trying to do something of their own.
Read more about Former affiliate upgrades to ransomware gang and launches its own attacks
Hidden prompts in emails and docs can send Google Gemini haywire, researchers say
Gemini, a powerful Google Workspace AI assistant, can be manipulated to produce misleading or malicious unintended responses. HiddenLayer researchers have demonstrated that cybercriminals can distribute emails and docs that will alert users to change passwords, visit dangerous websites, or perform other actions.
Read more about Hidden prompts in emails and docs can send Google Gemini haywire, researchers say
Pro-Palestinian hackers claim they hacked famous Israeli politicians, share personal photos, emails
Handala Hack, a pro-Palestinian hacktivist group, leaked 60,000 thousand ‘secret emails’ allegedly belonging to Gabriel "Gabi" Ashkenazi, an Israeli politician who previously served as the Minister of Foreign Affairs. They also exposed Benny Gantz, former defense minister and retired army general.
Read more about Pro-Palestinian hackers claim they hacked famous Israeli politicians, share personal photos, emails
