Security News

Hackers reportedly stole over $257,000 in Ethereum and thirty-two NFTs after the Yuga Lab's Bored Ape Yacht Club and Otherside Metaverse Discord servers were compromised to post a phishing scam. Earlier this morning, the Discord account for a Yuga Labs community manager was allegedly hacked to post a phishing scam on the company's Discord servers.

Ransomware and social engineering continue to dominate challenges facing cybersecurity professionals, according to Verizon's 15th annual Data Breach Investigations Report. In general, the results of DBIR merely confirm well-established trends, such as the growing threats of ransomware - up 13% this year - and the inescapability of the "Human element", which was tied to 82% of all breaches.

A ransomware gang is taking extortion to a new level by publicly hacking corporate websites to publicly display ransom notes. This new extortion strategy is being conducted by Industrial Spy, a data extortion gang that recently began using ransomware as part of their attacks.

Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol messages and execute malicious code.CVE-2022-22786 - Update package downgrade in Zoom Client for Meetings for Windows.

Security researchers have revealed that hackers can hijack your online accounts before you even register them by exploiting flaws that have been already been fixed on popular websites, including Instagram, LinkedIn, Zoom, WordPress, and Dropbox. Rew Paverd, a researcher at Microsoft Security Response Center, and Avinash Sudhodanan, an independent security researcher, analyzed 75 popular online services and found that at least 35 are vulnerable to account pre-hijacking attacks.

A novel Bluetooth relay attack can let cybercriminals more easily than ever remotely unlock and operate cars, break open residential smart locks, and breach secure areas. "An attacker can falsely indicate the proximity of Bluetooth LE devices to one another through the use of a relay attack," U.K.-based cybersecurity company NCC Group said.

Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. In security advisories issued on Monday, Apple revealed that they're aware of reports this security bug "May have been actively exploited."

Cybellum had the pleasure of interviewing David Colombo, the cyber boy wonder of Germany, and founder of Colombo Technologies for our podcast, Left to Our Own Devices. So how did David Colombo, at the tender age of 19, hack into ultra-high tech Tesla cars?

The Department of Homeland Security today revealed that bug bounty hunters enrolled in its 'Hack DHS' bug bounty program have found 122 security vulnerabilities in external DHS systems, 27 of them rated critical severity. DHS awarded a total of $125,600 to over 450 vetted security researchers and ethical hackers, with rewards of up to $5,000 per bug, depending on the flaw's severity.

The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group in the theft of $540 million from video game Axie Infinity's Ronin Network last month. The cryptocurrency heist, the second-largest cryptocurrency theft to date, involved the siphoning of 173,600 Ether and 25.5 million USD Coins from the Ronin cross-chain bridge, which allows users to transfer their digital assets from one crypto network to another, on March 23, 2022.