Security News

The Treasury Department's Office of Foreign Assets Control has updated its Specially Designated Nationals list with new information linking the North Korean-backed Lazarus Group APT to the largest cryptocurrency hack in history. Blockchain data platform Chainalysis first spotted that a new ETH address added by OFAC to the SDN list as part of the Lazarus Group entry was also used in March to collect the ETH and USDC tokens stolen during the Axie Infinity's Ronin bridge hack.

Ukraine's technical security and intelligence service is warning of a new wave of cyber attacks that are aimed at gaining access to users' Telegram accounts. "The criminals sent messages with malicious links to the Telegram website in order to gain unauthorized access to the records, including the possibility to transfer a one-time code from SMS," the State Service of Special Communication and Information Protection of Ukraine said in an alert.

Globant itself posted an official warning with the US Securities and Exchange Commission stating that "We have recently detected that a limited section of our company's code repository has been subject to unauthorized access." The mystery of who, what and where the LAPSUS$ kingpins are located deepened yet further last Friday, when City of London Police noted that two suspects, aged 16 and 17 - presumably two of the seven whose arrest-and-release had been reported earlier - were due in court that morning [2022-04-01]:. Two teenagers have been charged in connection with an investigation into members of a hacking group.

A group of academics from the University of Oxford and Armasuisse S+T has disclosed details of a new attack technique against the popular Combined Charging System that could potentially disrupt the ability to charge electric vehicles at scale. Dubbed "Brokenwire," the method interferes with the control communications that transpire between the vehicle and charger to wirelessly abort the charging sessions from a distance of as far as 47m. "While it may only be an inconvenience for individuals, interrupting the charging process of critical vehicles, such as electric ambulances, can have life-threatening consequences," the researchers explained.

Apple has released security updates on Thursday to address two zero-day vulnerabilities exploited by attackers to hack iPhones, iPads, and Macs. In security advisories published today, Apple said that they're aware of reports the issues "May have been actively exploited."

An independent security researcher has shared what's a detailed timeline of events that transpired as the notorious LAPSUS$ extortion gang broke into a third-party provider linked to the cyber incident at Okta in late January 2022. Sitel, through its acquisition of Sykes Enterprises in September 2021, is the third-party service provider that provides customer support on behalf of Okta.

IT and software consultancy firm Globant has confirmed that they were breached by the Lapsus$ data extortion group, where data consisting of administrator credentials and source code was leaked by the threat actors. As part of the leak, the hacking group released a 70GB archive of data stolen from Globant, describing it as "Some customers source code."

Researchers from the University of Oxford published details of a vulnerability in the Combined Charging System that has the potential to abort charging. The Combined Charging System is one of the plethora of standards in the EV charging world, and allows DC fast charging.

Okta has admitted that it made a mistake delaying the disclosure hack from the Lapsus$ data extortion group that took place in January. Okta: "We made a mistake" over late breach disclosure.

The U.S. has indicted four Russian government employees for their involvement in hacking campaigns targeting hundreds of companies and organizations from the global energy sector between 2012 and 2018. "In total, these hacking campaigns targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries," the Department of Justice said.