Security News

Hackers can hack your online accounts before you even register them
2022-05-23 17:02

Security researchers have revealed that hackers can hijack your online accounts before you even register them by exploiting flaws that have been already been fixed on popular websites, including Instagram, LinkedIn, Zoom, WordPress, and Dropbox. Rew Paverd, a researcher at Microsoft Security Response Center, and Avinash Sudhodanan, an independent security researcher, analyzed 75 popular online services and found that at least 35 are vulnerable to account pre-hijacking attacks.

New Bluetooth Hack Could Let Attackers Remotely Unlock Smart Locks and Cars
2022-05-19 20:08

A novel Bluetooth relay attack can let cybercriminals more easily than ever remotely unlock and operate cars, break open residential smart locks, and breach secure areas. "An attacker can falsely indicate the proximity of Bluetooth LE devices to one another through the use of a relay attack," U.K.-based cybersecurity company NCC Group said.

Apple emergency update fixes zero-day used to hack Macs, Watches
2022-05-16 18:33

Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. In security advisories issued on Monday, Apple revealed that they're aware of reports this security bug "May have been actively exploited."

David Colombo on Tesla Hacks and Growing into Hacking
2022-04-26 14:00

Cybellum had the pleasure of interviewing David Colombo, the cyber boy wonder of Germany, and founder of Colombo Technologies for our podcast, Left to Our Own Devices. So how did David Colombo, at the tender age of 19, hack into ultra-high tech Tesla cars?

'Hack DHS' bug hunters find 122 security flaws in DHS systems
2022-04-22 20:05

The Department of Homeland Security today revealed that bug bounty hunters enrolled in its 'Hack DHS' bug bounty program have found 122 security vulnerabilities in external DHS systems, 27 of them rated critical severity. DHS awarded a total of $125,600 to over 450 vetted security researchers and ethical hackers, with rewards of up to $5,000 per bug, depending on the flaw's severity.

Lazarus Group Behind $540 Million Axie Infinity Crypto Hack and Attacks on Chemical Sector
2022-04-17 23:05

The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group in the theft of $540 million from video game Axie Infinity's Ronin Network last month. The cryptocurrency heist, the second-largest cryptocurrency theft to date, involved the siphoning of 173,600 Ether and 25.5 million USD Coins from the Ronin cross-chain bridge, which allows users to transfer their digital assets from one crypto network to another, on March 23, 2022.

FBI links largest crypto hack ever to North Korean hackers
2022-04-14 17:40

The Treasury Department's Office of Foreign Assets Control has sanctioned the address that received the cryptocurrency stolen in the largest cryptocurrency hack ever, the hack of Axie Infinity's Ronin network bridge. The Federal Bureau of Investigation said two North Korean hacking groups, Lazarus and BlueNorOff, were behind last month's Ronin hack.

FBI links largest crypto hack ever to Lazarus state hackers
2022-04-14 17:40

The Treasury Department's Office of Foreign Assets Control has sanctioned the address that received the cryptocurrency stolen in the largest cryptocurrency hack ever, the hack of Axie Infinity's Ronin network bridge. Blockchain data platform Chainalysis first spotted that a new ETH address added by OFAC to the SDN list as part of a Lazarus Group update was also used in March to collect the ETH and USDC tokens stolen in the Ronin hack.

US Treasury links largest crypto hack to Lazarus state hackers
2022-04-14 17:40

The Treasury Department's Office of Foreign Assets Control has updated its Specially Designated Nationals list with new information linking the North Korean-backed Lazarus Group APT to the largest cryptocurrency hack in history. Blockchain data platform Chainalysis first spotted that a new ETH address added by OFAC to the SDN list as part of the Lazarus Group entry was also used in March to collect the ETH and USDC tokens stolen during the Axie Infinity's Ronin bridge hack.

Ukraine Warns of Cyber attack Aiming to Hack Users' Telegram Messenger Accounts
2022-04-08 22:07

Ukraine's technical security and intelligence service is warning of a new wave of cyber attacks that are aimed at gaining access to users' Telegram accounts. "The criminals sent messages with malicious links to the Telegram website in order to gain unauthorized access to the records, including the possibility to transfer a one-time code from SMS," the State Service of Special Communication and Information Protection of Ukraine said in an alert.