Security News

Amir Hossein Golshan, 25, was sentenced to eight years in prison by a Los Angeles District Court and ordered to pay $1.2 million in restitution for crimes involving SIM swapping, merchant fraud, support fraud, account hacking, and cryptocurrency theft. Golshan pleaded guilty on July 19, 2023, for hijacking the Instagram account of a prominent social media influencer.

The Canadian government says two of its contractors have been hacked, exposing sensitive information belonging to an undisclosed number of government employees. These breaches occurred last month and impacted Brookfield Global Relocation Services and SIRVA Worldwide Relocation & Moving Services, both providers of relocation services to Canadian government employees.

They also sell miniature pencil sharpeners, palm-size kitchen utensils, scaled-down books and camping chairs so small they evoke the Stonehenge scene in "This Is Spinal Tap." Many of the minuscule objects aren't clearly advertised. But there is no doubt some online sellers deliberately trick customers into buying smaller and often cheaper-to-produce items, Witcher said.

The Federal Bureau of Investigation is warning that ransomware threat actors are targeting casino servers and use legitimate system management tools to increase their permissions on the network. [...]

Okta says attackers who breached its customer support system last month gained access to files belonging to 134 customers, five of them later being targeted in session hijacking attacks with the help of stolen session tokens. "From September 28, 2023 to October 17, 2023, a threat actor gained unauthorized access to files inside Okta's customer support system associated with 134 Okta customers, or less than 1% of Okta customers," Okta revealed.

The U.S. Securities and Exchange Commission today charged SolarWinds with defrauding investors by allegedly concealing cybersecurity defense issues before a December 2020 linked to APT29, the Russian Foreign Intelligence Service hacking division. The SEC claims SolarWinds failed to notify investors about cybersecurity risks and poor practices that its Chief Information Security Officer, Timothy G. Brown, knew about.

Cisco has addressed the two vulnerabilities that hackers exploited to compromise tens of thousands of IOS XE devices over the past week. Both vulnerabilities, which Cisco tracks as CSCwh87343, are in the web UI of Cisco devices running the IOS XE software.

A group of cyber activists under the Ukrainian Cyber Alliance banner has hacked the servers of the Trigona ransomware gang and wiped them clean after copying all the information available. Ukrainian Cyber Alliance hackers gained access to Trigona ransomware's infrastructure by using a public exploit for CVE-2023-22515, a critical vulnerability in Confluence Data Center and Server that can be leveraged remotely to escalate privileges.

Are you excited to pursue a cybersecurity career but unsure where to begin? Whether you're a student, an incoming professional, or ready to work in a different field, the tried-and-tested career hacks in this eBook will help you get your start in cybersecurity. You don't need work experience - just a passion and the drive to enter a challenging and rewarding field that protects the world from cyber threats and bad actors.

The District of Columbia Board of Elections is currently probing a data leak involving an unknown number of voter records following breach claims from a threat actor known as RansomedVC. DCBOE operates as an autonomous agency within the District of Columbia Government and is entrusted with overseeing elections, managing ballot access, and handling voter registration processes. "We have successfully breached the District of Columbia Board Of Elections and have gotten more than 600k lines of USA Voters," the threat actor says.