Security News

Hive ransomware disrupted after FBI hacks gang's systems
2023-01-26 15:14

The Hive ransomware operation's Tor payment and data leak sites were seized as part of an international law enforcement operation after the FBI infiltrated the gang's infrastructure last July. Today, the US Department of Justice and Europol announced that an international law enforcement operation secretly infiltrated the Hive ransomware gang's infrastructure in July 2022 and began monitoring the operation for five months.

Yandex denies hack, blames source code leak on former employee
2023-01-26 14:44

A Yandex source code repository allegedly stolen by a former employee of the Russian technology company has been leaked as a Torrent on a popular hacking forum. In a statement to BleepingComputer, Yandex said their systems were not hacked, and a former employee leaked the source code repository.

FBI: North Korean hackers stole $100 million in Harmony crypto hack
2023-01-24 14:49

The FBI has confirmed that the North Korean state-sponsored 'Lazarus' and APT38 hacking groups were behind the theft of $100 million worth of Ethereum stolen from Harmony Horizon in June 2022. Yesterday, the FBI confirmed that two North Korean hacking groups, Lazarus and APT38, were behind the attack.

FanDuel warns of data breach after customer info stolen in vendor hack
2023-01-22 18:56

"Recently, we were informed by a third-party technology vendor that sends transactional emails on behalf of its clients like FanDuel that they had experienced a security breach within their system that impacted several of their clients," reads a FanDuel 'Notice of Third-Party Vendor Security Incident' seen by BleepingComputer. "On Sunday evening, the vendor confirmed that FanDuel customer names and email addresses were acquired by an unauthorized actor. No customer passwords, financial account information, or other personal information was acquired in this incident."

FanDuel discloses data breach caused by recent MailChimp hack
2023-01-22 18:56

Last Thursday, FanDuel emailed customers to warn them that the threat actors acquired their names and email addresses during the MailChimp breach. "Recently, we were informed by a third-party technology vendor that sends transactional emails on behalf of its clients like FanDuel that they had experienced a security breach within their system that impacted several of their clients," reads a FanDuel 'Notice of Third-Party Vendor Security Incident' seen by BleepingComputer.

Roaming Mantis’ Android malware adds DNS changer to hack WiFi routers
2023-01-19 17:55

The Roaming Mantis malware distribution campaign has updated its Android malware to include a DNS changer that modifies DNS settings on vulnerable WiFi routers to spread the infection to other devices. O/XLoader Android malware that detects vulnerable WiFi routers based on their model and changes their DNS. The malware then creates an HTTP request to hijack a vulnerable WiFi router's DNS settings, causing connected devices to be rerouted to malicious web pages hosting phishing forms or dropping Android malware.

Datadog rotates RPM signing key exposed in CircleCI hack
2023-01-16 19:08

Cloud security firm Datadog says that one of its RPM GPG signing keys and its passphrase have been exposed during a recent CircleCI security breach. "As of January 16th, 2023, Datadog has no indication that the key was actually leaked or misused, but we are still taking the following actions out of an abundance of caution," Datadog said.

CircleCI's hack caused by malware stealing engineer's 2FA-backed session
2023-01-14 22:28

Hackers breached CircleCI in December after an engineer became infected with information-stealing malware that stole their 2FA-backed SSO session cookie, allowing access to the company's internal systems. In a new security incident report on the attack, CircleCI says they first learned of the unauthorized access to their systems after a customer reported that their GitHub OAuth token had been compromised.

Air France and KLM notify customers of account hacks
2023-01-06 20:21

Air France and KLM have informed Flying Blue customers that some of their personal information was exposed after their accounts were breached. KLM's official Twitter account confirmed the attack and told one of the impacted customers that "The attack was blocked in time and no miles were charged."

DraftKings warns data of 67K people was exposed in account hacks
2022-12-19 17:57

"In the event an account was accessed, among other things, the attacker could have viewed the account holder's name, address, phone number, email address, last four digits of payment card, profile photo, information about prior transactions, account balance, and last date of password change," the breach notification reads. After detecting the attack, DraftKings reset the affected accounts' passwords and said it implemented additional fraud alerts.