Security News

Distributed Denial of Secrets, a self-proclaimed "Transparency collective," claim they have received more than 70 gigabytes of data exfiltrated from social media network Gab. Gab, which touts itself as "a social network that champions free speech, individual liberty and the free flow of information online" has drawn in various alt-right and far-right users.

A hacking group called 'Hotarus Corp' has hacked Ecuador's Ministry of Finance and the country's largest bank, Banco Pichincha, where they claim to have stolen internal data. The ransomware gang first targeted Ecuador's Ministry of Finance, the Ministerio de Economía y Finanzas de Ecuador, where they deployed a PHP-based ransomware strain to encrypt a site hosting an online course.

In early 2021, a Chinese threat actor tracked as TA413 attempted to hack into the Gmail accounts of Tibetan organizations using a malicious browser extension, researchers with cybersecurity firm Proofpoint have discovered. In January and February 2021, the group was observed delivering the FriarFox extension, customized to specifically target the Firefox browser and provide attackers with access to and control of victims' Gmail accounts.

Leading technology companies said Tuesday that a months-long breach of corporate and government networks was so sophisticated, focused and labor-intensive that a nation had to be behind it, with all the evidence pointing to Russia. In the first congressional hearing on the breach, representatives of technology companies involved in the response described a hack of almost breathtaking precision, ambition and scope.

Transport for NSW, which is the main transport and roads agency in New South Wales, Australia, and NSW Health, the state's ministry of health, are the latest confirmed victims of a cyber-attack targeting Accellion's FTA file transfer service. Transport for NSW says that some information was stolen before the attack on Accellion servers was interrupted and that an investigation is ongoing, but did not provide further details on the matter.

Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim's Mastercard contactless card while believing it to be a Visa card. The research, published by a group of academics from ETH Zurich, builds on a study detailed last September that delved into a PIN bypass attack, permitting bad actors to leverage a victim's stolen or lost Visa EMV-enabled credit card for making high-value purchases without knowledge of the card's PIN, and even fool the terminal into accepting unauthentic offline card transactions.

"It's really highlighted the investments we need to make in cybersecurity to have the visibility to block these attacks in the future," Anne Neuberger, the newly appointed deputy national security adviser for cyber and emergency technology said Wednesday at a White House briefing. President Joe Biden plans to release an executive order soon that Neuberger said will include about eight measures intended to address security gaps exposed by the hack.

U.S. authorities are still working to unravel the full scope of the likely Russian hack that gave the "Sophisticated" actor behind the breach complete access to files and email from at least nine government agencies and about 100 private companies, the top White House cybersecurity official said Wednesday. Anne Neuberger, the newly appointed deputy national security adviser for cyber and emerging technology, also warned that the danger has not passed because the hackers breached networks of technology companies whose products could be used to launch additional intrusions.

Ninja Forms, a WordPress plugin used by more than 1 million sites, contains four critical security vulnerabilities that together make it possible for a remote attacker to take over a WordPress site and create various kinds of problems. Ninja Forms offers WordPress site designers the ability to create forms using a drag-and-drop capability, with no coding skills required.

North Korean hackers tried to break into the computer systems of pharmaceutical giant Pfizer in a search for information on a coronavirus vaccine and treatment technology, South Korea's spy agency said Tuesday, according to reports. The impoverished, nuclear-armed North has been under self-imposed isolation since closing its borders in January last year to try to protect itself from the virus that first emerged in neighbouring China and has gone on to sweep the world, killing more than two million people.