Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based dot-gov emails get hacked.

Hacking 258

Hacking Accountability Government Social Engineering 258

Schneier on Security

OCTOBER 30, 2023

The islands of Åland are an important tax hack : Although Åland is part of the Republic of Finland, it has its own autonomous parliament. In areas where Åland has its own legislation, the group of islands essentially operates as an independent nation.

Hacking 282

Hacking 282

Schneier on Security

SEPTEMBER 18, 2023

That’s a really profitable hack. (It’s Remember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users? It’s also bad opsec. The hackers need to move and launder all that money quickly.)

Cryptocurrency 315

Cryptocurrency Hacking Passwords Encryption 315

Schneier on Security

SEPTEMBER 23, 2024

I always like a good hack. Now it’s Lyft’s turn to modify its system to prevent this hack. And this story delivers. Basically, the New York City bikeshare program has a system to reward people who move bicycles from full stations to empty ones. for every bike returned to the Ed Sullivan Theater. Nicely done, people.

Hacking 275

Hacking Manufacturing Scams 275

Schneier on Security

JANUARY 27, 2023

Early in his career, Kevin Mitnick successfully hacked California law. He told me the story when he heard about my new book , which he partially recounts his 2012 book, Ghost in the Wires.

Hacking 343

Hacking Engineering 343

Schneier on Security

JANUARY 29, 2024

Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives.

Hacking 306

Hacking Accountability Passwords Cybersecurity 306

Krebs on Security

MAY 30, 2023

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. On May 9, MetrixCoin reported that its Discord server was hacked, with fake airdrop details pushed to all users.

Hacking 316

Hacking Accountability Scams Cryptocurrency 316

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking 311

Hacking Phishing Cybercrime Passwords 311

Krebs on Security

DECEMBER 19, 2022

men have been charged with hacking into the Ring home security cameras of a dozen random people and then “swatting” them — falsely reporting a violent incident at the target’s address to trick local police into responding with force. conspired to hack into Yahoo email accounts belonging to victims in the United States.

Hacking 328

Hacking Media Passwords Accountability 328

Schneier on Security

APRIL 9, 2024

US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack by the Chinese government that accessed the emails of senior U.S. government officials. From the executive summary: The Board finds that this intrusion was preventable and should never have occurred.

Hacking 306

Hacking Government Accountability Technology 306

Schneier on Security

OCTOBER 3, 2023

Turns out pumps at gas stations are controlled via Bluetooth, and that the connections are insecure. No details in the article, but it seems that it’s easy to take control of the pump and have it dispense gas without requiring payment. It’s a complicated crime to monetize, though. You need to sell access to the gas pump to others.

Hacking 332

Hacking 332

Krebs on Security

AUGUST 29, 2023

According to recent figures from the managed security firm Reliaquest , QakBot is by far the most prevalent malware “loader” — malicious software used to secure access to a hacked network and help drop additional malware payloads. ” The DOJ said it also recovered more than 6.5

Hacking 294

Hacking Malware Ransomware Government 294

Schneier on Security

OCTOBER 1, 2024

This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations with that same user. A researcher found that he could use that feature to plant “false memories” into that context window that could subvert the model.

Hacking 257

Hacking Artificial Intelligence 257

Schneier on Security

NOVEMBER 9, 2023

Selling miniature replicas to unsuspecting shoppers: Online marketplaces sell tiny pink cowboy hats. They also sell miniature pencil sharpeners, palm-size kitchen utensils, scaled-down books and camping chairs so small they evoke the Stonehenge scene in “This Is Spinal Tap.”

Retail 288

Retail Hacking Advertising 288

Schneier on Security

AUGUST 20, 2024

This is yet another insecure Internet-of-things story , this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually implement this attack. Research paper. Another news story. Slashdot thread.

Wireless 275

Wireless Hacking Internet Internet 275

Schneier on Security

APRIL 11, 2023

Car thieves are injecting malicious software into a car’s network through wires in the headlights (or taillights) that fool the car into believing that the electronic key is nearby. News articles.

Hacking 331

Hacking Software Malware 331

Krebs on Security

DECEMBER 13, 2022

InfraGard , a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum.

Hacking 363

Hacking Energy and Utilities Cybercrime Accountability 363

Schneier on Security

DECEMBER 17, 2024

Not everything needs to be digital and “smart.” ” License plates, for example : Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to jailbreak digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold.

Firmware 190

Firmware Hacking Software 190

The Last Watchdog

AUGUST 3, 2024

So, Martin taught herself ethical hacking skills and then founded Black Girls Hack to guide others down the trail she blazed. The post Black Hat Fireside Chat: ‘Black Girls Hack’ emphasizes diversity as effective force multiplier first appeared on The Last Watchdog. Acohido Pulitzer Prize-winning business journalist Byron V.

Hacking 246

Hacking Internet Internet Software 246

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website.

Hacking 309

Hacking Social Engineering Phishing Scams 309

Schneier on Security

OCTOBER 8, 2024

The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law—CALEA—since 1994. It’s a weird story.

Hacking 285

Hacking Government 285

Krebs on Security

DECEMBER 19, 2024

Cyber threat analysts at Silent Push said they recently received reports from a partner organization that identified an aggressive scanning effort against their website using an Internet address previously associated with a campaign by FIN7 , a notorious Russia-based hacking group. co — first came online in February 2023.

Hacking 149

Hacking Cybercrime Advertising Data breaches 149

Security Affairs

DECEMBER 7, 2024

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,ransomware) Grabovac pointed out that his organization will not pay the ransom requested by the ransomware gang.

Ransomware 131

Ransomware Hacking Accountability Cyber Attacks 131

WIRED Threat Level

NOVEMBER 22, 2024

In a first, Russia's APT28 hacking group appears to have remotely breached the Wi-Fi of an espionage target by hijacking a laptop in another building across the street.

Hacking 145

Hacking 145

Penetration Testing

OCTOBER 30, 2024

In a thrilling showdown at the recent Pwn2Own Ireland 2024 hacking competition, white hat hackers YingMuo (@YingMuo), in collaboration with the DEVCORE Internship Program, successfully exploited a critical zero-day vulnerability... The post CVE-2024-50387: Critical QNAP Flaw Exploited in Hacking Contest, Patch Now!

Hacking 128

Hacking Cybersecurity 128

Schneier on Security

MARCH 8, 2024

Researchers ran a global prompt hacking competition, and have documented the results in a paper that both gives a lot of good examples and tries to organize a taxonomy of effective prompt injection strategies. To address this lacuna, we launch a global prompt hacking competition, which allows for free-form human input attacks.

Hacking 308

Hacking Artificial Intelligence 308

The Hacker News

NOVEMBER 26, 2024

Trend Micro, which described the hacking group as an aggressive advanced persistent threat (APT), said the intrusions also involved the use of another cross-platform backdoor dubbed

Hacking 139

Hacking Telecommunications Malware 139

Security Affairs

NOVEMBER 21, 2024

Mexico’s president announced the government is investigating an alleged ransomware hack that targeted the administration’s legal affairs office. Today they are going to send me a report on the supposed hacking.” This is not the first time Mexico’s presidential office has been targeted in a hack involving sensitive information.

Government 145

Government Hacking Ransomware Insurance 145

Security Affairs

NOVEMBER 9, 2024

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Mazda Connect) . “The CMU can then be compromised and “enhanced” to, for example, attempt to compromise any connected device in targeted attacks that can result in DoS, bricking, ransomware, safety compromise, etc.”

Hacking 136

Hacking Firmware Software Manufacturing 136

Security Affairs

NOVEMBER 10, 2024

US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. The hacking campaign, called Salt Typhoon by investigators, hasn’t previously been publicly disclosed and is the latest in a series of incursions that U.S. and its allies for hacking activities in July.

Hacking 136

Hacking Internet Internet Government 136

Schneier on Security

NOVEMBER 27, 2024

Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker ­ and not its government customers ­ is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.

Government 292

Government Spyware Mobile Hacking 292

Schneier on Security

MAY 17, 2024

“The Federal Bureau of Investigation (FBI) is investigating the criminal hacking forums known as BreachForums and Raidforums,” reads a dedicated subdomain on the FBI’s IC3 portal. co and run by pompompurin) operated a similar hacking forum from March 2022 until March 2023. . ”

Hacking 285

Hacking Accountability Ransomware Internet 285

Schneier on Security

FEBRUARY 9, 2024

million smart toothbrushes were hacked and used in a DDoS attack is false. Or maybe it was a stock-price hack. The widely reported story last week that 1.5 Near as I can tell, a German reporter talking to someone at Fortinet got it wrong , and then everyone else ran with it without reading the German text.

DDOS 299

DDOS Hacking Internet Internet 299

Tech Republic Security

JULY 12, 2024

Businesses and individuals with AT&T accounts from May 1, 2022 to October 31, 2022 and on January 2, 2023 will be notified if their data was affected.

Hacking 198

Hacking Accountability Big data Telecommunications 198

Schneier on Security

NOVEMBER 6, 2023

The Flipper Zero is an incredibly versatile hacking device. These types of hacks have been possible for decades, but they require special equipment and a fair amount of expertise. Now it can be used to crash iPhones in its vicinity by sending them a never-ending stream of pop-ups.

Firmware 311

Firmware Hacking Software 311

Tech Republic Security

OCTOBER 25, 2024

bundle gives you 92 hours of training in penetration testing, network security, and much more.

Penetration Testing 165

Penetration Testing Hacking Network Security Cybersecurity 165

Schneier on Security

MARCH 5, 2024

First, these doorbells expose your home IP address and WiFi network name to the internet without encryption, potentially opening your home network to online criminals. […] Anyone who can physically access one of the doorbells can take over the device—no tools or fancy hacking skills needed.

Internet 330

Internet Internet Encryption Hacking 330