Security News

Okta has admitted that it made a mistake delaying the disclosure hack from the Lapsus$ data extortion group that took place in January. Okta: "We made a mistake" over late breach disclosure.

The U.S. has indicted four Russian government employees for their involvement in hacking campaigns targeting hundreds of companies and organizations from the global energy sector between 2012 and 2018. "In total, these hacking campaigns targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries," the Department of Justice said.

As Lapsus$ data extortion gang announced that several of its members are taking a vacation, the City of London Police say they have arrested seven individuals connected to the gang. The latest public message from the group on Wednesday announced that some of its members were taking a vacation until March 30.

Okta confirmed today they suffered a security incident in January when hackers compromised a laptop of one of its support engineers that could initiate password resets for customers. "The report highlighted that there was a five-day window of time between January 16-21, 2022, where an attacker had access to a support engineer's laptop. This is consistent with the screenshots that we became aware of yesterday," Okta says in an updated statement on the incident.

In a warning to aviation authorities and air operators on Thursday, the European Union Aviation Safety Agency warned of satellite jamming and spoofing attacks across a broad swath of Eastern Europe that could affect air navigation systems. The warning came in tandem with a separate alert from the FBI and the U.S. Cybersecurity Infrastructure and Security Agency that hackers could be targeting satellite communications networks in general.

Three high-impact security vulnerabilities have been disclosed in APC Smart-UPS devices that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner. TLStorm consists of a trio of critical flaws that can be triggered via unauthenticated network packets without requiring any user interaction, meaning it's a zero-click attack, with two of the issues involving a case of faulty TLS handshake between the UPS and the APC cloud -.

Ukraine is recruiting a volunteer "IT army" of security researchers and hackers to conduct cyberattacks on thirty-one Russian entities, including government agencies, critical infrastructure, and banks. A Telegram channel created to organize the IT Army's operations released a list of Russian targets.

The HSE did not have a Chief Information Security Officer or a "single responsible owner for cybersecurity at either senior executive or management level to provide leadership and direction. Under-resourced Information Security Managers were not performing their business as usual role but were working on evaluating security controls for the COVID-19 vaccination system.

Apple has released security updates to fix a new zero-day vulnerability exploited in the wild by attackers to hack iPhones, iPads, and Macs. Successful exploitation of this bug allows attackers to execute arbitrary code on iPhones and iPads running vulnerable versions of iOS and iPadOS after processing maliciously crafted web content.

The U.S. Justice Department on Tuesday announced the arrest of a married couple in connection with conspiring to launder cryptocurrency worth $4.5 billion that was siphoned during the hack of the virtual currency exchange Bitfinex in 2016. Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, both of New York, are alleged to have "Stolen funds through a labyrinth of cryptocurrency transactions," with the law enforcement getting hold of over $3.6 billion in cryptocurrency by following the money trails, resulting in the "Largest financial seizure ever."