article thumbnail

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based based technology companies.

Hacking 279
article thumbnail

Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme

Schneier on Security

Not sure this will matter in the end, but it’s a positive move : Microsoft is accusing three individuals of running a “hacking-as-a-service” scheme that was designed to allow the creation of harmful and illicit content using the company’s platform for AI-generated content. Slashdot thread.

Hacking 281
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

NSA on Authentication Hacks (Related to SolarWinds Breach)

Schneier on Security

The NSA has published an advisory outlining how “malicious cyber actors” are “are manipulating trust in federated authentication environments to access protected data in the cloud.” From the summary : Malicious cyberactors are abusing trust in federated authentication environments to access protected data.

article thumbnail

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

Krebs on Security

government officials searched online for non-extradition countries and for an answer to the question “can hacking be treason?” Days after he apparently finished communicating with Country-1s military intelligence service, Wagenius Googled, ‘can hacking be treason.'” million customers.

Hacking 239
article thumbnail

Bypassing Two-Factor Authentication

Schneier on Security

In the past few months, suspected script kiddies like the Lapsus$ data extortion gang and elite Russian-state threat actors (like Cozy Bear, the group behind the SolarWinds hack) have both successfully defeated the protection. […].

article thumbnail

Authentication bypass CVE-2025-22230 impacts VMware Windows Tools

Security Affairs

Broadcom addressed a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230, in VMware Tools for Windows. Broadcom released security updates to address a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230 (CVSS score 9.8), impacting VMware Tools for Windows. ” reads the advisory.

article thumbnail

The Story of the 2011 RSA Hack

Schneier on Security

Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come.

Hacking 333