Security News

Pegasus iPhone hacks used as lure in extortion scheme
2021-08-20 15:06

A new extortion scam is underway that attempts to capitalize on the recent Pegasus iOS spyware attacks to scare people into paying a blackmail demand. Last month, Amnesty International and non-profit project Forbidden Stories revealed that the Pegasus spyware was installed on fully updated iPhones through a zero-day zero-click iMessage vulnerability.

Postmortem on U.S. Census Hack Exposes Cybersecurity Failures
2021-08-19 14:35

Threat actors exploited an unpatched Citrix flaw to breach the network of the U.S. Census Bureau in January in an attack that was ultimately halted before a backdoor could be installed or sensitive data could be stolen, according to a report by a government watchdog organization. Investigators found that officials were informed of the flaw in its servers and had at least two opportunities to fix it before the attack, mainly due to lack of coordination between teams responsible for different security tasks, according to the report, published Tuesday by the U.S. Department of Commerce Office of Inspector General.

Liquid cryptocurency exchange loses over $90 million following hack
2021-08-19 09:24

Japan-based cryptocurrency exchange Liquid has suspended deposits and withdrawals after attackers have compromised its warm wallets. Liquid is one of the largest cryptocurrency-fiat exchange platforms worldwide.

Liquid cryptocurrency exchange loses $94 million following hack
2021-08-19 09:24

Japan-based cryptocurrency exchange Liquid has suspended deposits and withdrawals after attackers have compromised its warm wallets. Liquid is one of the largest cryptocurrency-fiat exchange platforms worldwide.

Black Hat: Novel DNS Hack Spills Confidential Corp Data
2021-08-12 20:30

"We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google. Essentially, we 'wiretapped' the internal network traffic of 15,000 organizations and millions of devices," Wiz wrote in a technical breakdown of the bug. Luttwak calls what he found a "Loophole" within the process used to handle the now obsolete dynamic DNS within modern DNS server configurations.

A remedial approach to destructive IoT hacks
2021-08-12 05:30

With greater awareness and complete visibility into every connected device, organizations can create a full inventory of IoT devices with all the information required to maintain them. Default passwords allow attackers to take over IoT devices as easy access points into the network.

Accenture confirms hack after LockBit ransomware data leak threats
2021-08-11 16:22

Accenture, a global IT consultancy giant has allegedly been hit by a ransomware cyberattack from the LockBit ransomware gang. A ransomware group known as LockBit 2.0 is threatening to publish files data allegedly stolen from Accenture during a recent cyberattack.

Crypto Hack Earned Crooks $600 Million
2021-08-11 15:12

Attackers reportedly stole $600 million from the cryptocurrency platform Poly Network, in what experts say is one of the largest crypto heists to date. Poly Network, a decentralized finance platform based in China, publicly acknowledged that an attacker "Exploited a vulnerability" that allowed them to assign themselves the ownership of money processed through the platform.

Connected Farms Easy Pickings for Global Food Supply-Chain Hack
2021-08-10 21:21

A group of hackers made an unnerving DEF CON 29 presentation showing how the sprawling growth of digital and automated farming has left the world's food supply chain vulnerable to cyberattack. According to John Deere, current tractors being sold are connected to a moisture sensor monitor called HarvestLab, and an overall monitoring software system called Harvest Monitor, which displays real-time productivity measurements on a monitor.

Over $600 million reportedly stolen in cryptocurrency hack
2021-08-10 16:19

Over $611 million has reportedly been stolen in one of the largest cryptocurrency hacks. Decentralized cross-chain protocol and network, Poly Network announced today that it was attacked with cryptocurrency assets having successfully been transferred into the attackers' wallets.