Security News

One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version. Threat actors approached ONUS to extort a $5 million sum and threatened to publish the customer data should ONUS refuse to comply.

The Department of Homeland Security has announced that the 'Hack DHS' program is now also open to bug bounty hunters willing to track down DHS systems impacted by Log4j vulnerabilities. The 'Hack DHS' bug bounty program was announced last week.

Conti ransomware operation is using the critical Log4Shell exploit to gain rapid access to internal VMware vCenter Server instances and encrypt virtual machines. Among the first to leverage the bug were cryptocurrency miners, botnets, and a new ransomware strain called Khonsari.

The Department of Homeland Security has launched a new bug bounty program dubbed "Hack DHS" that allows vetted cybersecurity researchers to find and report security vulnerabilities in external DHS systems. "The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors. This program is one example of how the Department is partnering with the community to help protect our Nation's cybersecurity."

Japanese consumer electronics giant Panasonic has disclosed a security breach wherein an unauthorized third-party broke into its network and potentially accessed data from one of its file servers. "As the result of an internal investigation, it was determined that some data on a file server had been accessed during the intrusion," the company said in a short statement published on November 26.

Japanese multinational conglomerate Panasonic disclosed a security breach after unknown threat actors gained access to servers on its network this month."Panasonic Corporation has confirmed that its network was illegally accessed by a third party on November 11, 2021," the company said in a press release issued Friday.

In a data breach notification published today, GoDaddy said that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment."Our investigation is ongoing and we are contacting all impacted customers directly with specific details. Customers can also contact us via our help center which includes phone numbers based on country."

Google researchers on Thursday disclosed that it found a watering hole attack in late August exploiting a now-parched zero-day in macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-seen backdoor on compromised machines. "Based on our findings, we believe this threat actor to be a well-resourced group, likely state backed, with access to their own software engineering team based on the quality of the payload code," Google Threat Analysis Group researcher Erye Hernandez said in a report.

Well-known email tracking organisation Spamhaus, which maintains lists of known senders of spams and scams, is warning of a fraudulent "FBI/Homeland Security" alert that has apparently been widely circulated to network administrators and other IT staff in North America. Urgent: Threat actor in systems Our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a sophisticated chain attack.

A pair of PlayStation 5 breaches shows the consoles don't have protection from attackers taking over its most basic functions. The second hack was also posted on Twitter on Nov. 7 by Google security engineer Andy Nguyen, who is also known widely in hacker circles as TheFlow.