Security News

Restart After Hacks Delayed Again by Software Firm
2021-07-09 10:41

A US software firm hit by a ransomware attack that crippled companies worldwide put off restarting its servers until Sunday to harden defenses against further breaches. Kaseya has the vulnerabilities exploited in the attack blocked, but opted to take more time to put in place additional layers of protection, he explained.

Morgan Stanley Hit by Accellion Hack Through Third-Party Vendor
2021-07-09 03:53

Investment banking firm Morgan Stanley has informed the New Hampshire Attorney General that personal information of some customers was compromised through a third-party vendor that was using the Accellion FTA service. In a letter submitted last week to the New Hampshire Attorney General's office, Morgan Stanley said Guidehouse informed them in May 2021 that some threat actors had exploited Accellion FTA to access Morgan Stanley documents that included personal information of StockPlan Connect participants.

Morgan Stanley reports data breach after vendor Accellion hack
2021-07-08 13:19

Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third-party vendor. Guidehouse, a third-party vendor that provides account maintenance services to Morgan Stanley's StockPlan Connect business, notified the investment banking company in May 2021 that attackers hacked its Accellion FTA server to steal information belonging to Morgan Stanley stock plan participants.

Researchers Reproduce Exploit Used in Kaseya Hack
2021-07-07 11:24

Researchers have successfully reproduced the exploit used in the recent cyberattack targeting IT management software maker Kaseya and its customers. Kaseya on July 2 urged customers to immediately shut down on-premises servers running its VSA endpoint management and network monitoring tool due to a cyberattack.

Old Vulnerability Exploited to Hack, Wipe WD Storage Devices
2021-06-25 14:17

Many owners of My Book Live and My Book Live Duo network-attached storage devices made by Western Digital reported having their files wiped, and it seems that it's the result of an attack exploiting an old vulnerability. Victims said a factory reset had been initiated on their device, which resulted in all files being erased.

Water Sector Security Report Released Just as Another Water Plant Hack Comes to Light
2021-06-21 11:33

The Water Sector Coordinating Council last week announced a new cybersecurity report focusing on water and wastewater utilities in the United States. The release of the report coincided with news that a threat actor in January attempted to poison the water at a facility in the U.S. The Water Sector Coordinating Council describes itself as "a policy, strategy and coordination mechanism for the Water and Wastewater Sector in interactions with the government and other sectors on critical infrastructure security and resilience issues."

North Korea Exploited VPN Flaw to Hack South's Nuclear Research Institute
2021-06-20 23:35

South Korea's state-run Korea Atomic Energy Research Institute on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. KAERI, established in 1959 and situated in the city of Daejeon, is a government-funded research institute that designs and develops nuclear technologies related to reactors, fuel rods, radiation fusion, and nuclear safety.

New Windows 11 registry hacks to customize your device
2021-06-20 16:30

With Microsoft getting ready to unveil the new Windows 11 operating system, we take a look at some of the new Registry hacks that can be used to customize your device. A preview build of Windows 11 was leaked online last week, giving us a sneak peek at the new features Microsoft is bringing to its next generation of Windows.

How to hack a bicycle – Peloton Bike+ rooting bug patched
2021-06-17 18:09

One problem with hacking on top-end specialised devices such as electric cars or fancy online bicycles, rather than on low-end devices such as light bulbs and webcams, is that budget and availability become an important issue. The researchers decided to take a real-world approach for two main reasons: they didn't have another bike handy, and they were keen to look for vulnerabilities that would work out of the box against stock products, rather than needing any "Pre-hacking" to be carried out on the device.

Ransomware Attackers Partnering With Cybercrime Groups to Hack High-Profile Targets
2021-06-16 20:28

As ransomware attacks against critical infrastructure skyrocket, new research shows that threat actors behind such disruptions are increasingly shifting from using email messages as an intrusion route to purchasing access from cybercriminal enterprises that have already infiltrated major targets. "Ransomware operators often buy access from independent cybercriminal groups who infiltrate major targets and then sell access to the ransomware actors for a slice of the ill-gotten gains," researchers from Proofpoint said in a write-up shared with The Hacker News.