Security News

Conti ransomware uses Log4j bug to hack VMware vCenter servers
2021-12-17 15:00

Conti ransomware operation is using the critical Log4Shell exploit to gain rapid access to internal VMware vCenter Server instances and encrypt virtual machines. Among the first to leverage the bug were cryptocurrency miners, botnets, and a new ransomware strain called Khonsari.

DHS announces 'Hack DHS' bug bounty program for vetted researchers
2021-12-14 20:38

The Department of Homeland Security has launched a new bug bounty program dubbed "Hack DHS" that allows vetted cybersecurity researchers to find and report security vulnerabilities in external DHS systems. "The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors. This program is one example of how the Department is partnering with the community to help protect our Nation's cybersecurity."

Panasonic Suffers Data Breach After Hackers Hack Into Its Network
2021-11-30 01:36

Japanese consumer electronics giant Panasonic has disclosed a security breach wherein an unauthorized third-party broke into its network and potentially accessed data from one of its file servers. "As the result of an internal investigation, it was determined that some data on a file server had been accessed during the intrusion," the company said in a short statement published on November 26.

Panasonic discloses data breach after network hack
2021-11-29 14:40

Japanese multinational conglomerate Panasonic disclosed a security breach after unknown threat actors gained access to servers on its network this month."Panasonic Corporation has confirmed that its network was illegally accessed by a third party on November 11, 2021," the company said in a press release issued Friday.

GoDaddy hack causes data breach affecting 1.2 million customers
2021-11-22 16:43

In a data breach notification published today, GoDaddy said that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment."Our investigation is ongoing and we are contacting all impacted customers directly with specific details. Customers can also contact us via our help center which includes phone numbers based on country."

Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant
2021-11-14 20:47

Google researchers on Thursday disclosed that it found a watering hole attack in late August exploiting a now-parched zero-day in macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-seen backdoor on compromised machines. "Based on our findings, we believe this threat actor to be a well-resourced group, likely state backed, with access to their own software engineering team based on the quality of the payload code," Google Threat Analysis Group researcher Erye Hernandez said in a report.

FBI email hack spreads fake security alerts. Here’s what to do…
2021-11-13 20:50

Well-known email tracking organisation Spamhaus, which maintains lists of known senders of spams and scams, is warning of a fraudulent "FBI/Homeland Security" alert that has apparently been widely circulated to network administrators and other IT staff in North America. Urgent: Threat actor in systems Our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a sophisticated chain attack.

Back-to-Back PlayStation 5 Hacks Hit on the Same Day
2021-11-11 20:06

A pair of PlayStation 5 breaches shows the consoles don't have protection from attackers taking over its most basic functions. The second hack was also posted on Twitter on Nov. 7 by Google security engineer Andy Nguyen, who is also known widely in hacker circles as TheFlow.

USA signs internet freedom and no-hack pact it's ignored since 2018
2021-11-11 05:31

The United States has signed up for The Paris Call for Trust and Security in Cyberspace - an international effort to ensure the internet remains free and open, and an agreement to put critical infrastructure off limits to electronic attack by sovereign states and other actors. The Paris Call was issued by French president Emmanuel Macron in 2018, as part of that year's Internet Governance Forum held at UNESCO and alongside the Paris Peace Forum.

Microsoft documents “SHROOTLESS” hack patched in latest Apple updates
2021-10-29 18:38

Impact: A malicious application may be able to modify protected parts of the file system Description: An inherited permissions issue was addressed with additional restrictions CVE-2021-30892: Jonathan Bar Or of Microsoft. As we now know, following an article published by Microsoft researchers after Apple's patches came out, there was a bit more to it that just "Modifying protected parts" of the file system.