Security News
A Michigan man has been indicted for the 2014 hack of the University of Pittsburgh Medical Center's HR databases and theft of employees' personal information - information that he allegedly wound up selling on the dark web to crooks who used it to file thousands of bogus tax returns. The theft involved personally identifying information belonging to 65,000 employees from the medical center's PeopleSoft human resources management system.
Those running VMWare guest machines on Mac will want to update their software to get a security fix for VMware Tools. Earlier this month, Microsoft dropped its usual boatload of Patch Tuesday updates, sans a set for Office for Mac.
Threat intel researchers have uncovered a phishing and malware campaign that targeted "a large European aerospace company" and which was run by the same North Koreans behind the hack of Sony Pictures. While there are quite a few European aerospace firms, Slovakian infosec biz ESET was more concerned with the phishing 'n' malware campaign it detected on behalf of its unnamed client.
The hack stems simply from a lightbulb hanging in the home. In November, researchers discovered a new way to hack Alexa and Siri by pointing a laser light beam at the smart speakers' microphones to send them remote, inaudible commands.
A city in northern Alabama will pay a ransom worth $300,000 in Bitcoins in response to a hack of its computer system. Florence City Council voted unanimously at an emergency meeting Wednesday evening to make the payment from the city's insurance fund in an effort to preserve information tied to its city workers and customers, news outlets reported.
Japanese gaming giant Nintendo has admitted that hackers have breached 300,000 accounts since early April, gaining access to personal information such as birthdays and email addresses but not credit-card details. "We deeply apologise for causing trouble and worries to customers," Nintendo said in its statement, pledging to "Enhance security... to prevent this happening again."
Referred to as Dark Basin and linked to Indian company BellTroX InfoTech Services, the threat actor is believed to have targeted senior politicians, government prosecutors, CEOs, journalists, and human rights defenders, among others. "Dark Basin has a remarkable portfolio of targets, from senior government officials and candidates in multiple countries, to financial services firms such as hedge funds and banks, to pharmaceutical companies. Troublingly, Dark Basin has extensively targeted American advocacy organizations working on domestic and global issues. These targets include climate advocacy organizations and net neutrality campaigners," Citizen Lab notes.
Citizen Lab started its investigation into the 'Dark Basin' group in 2017 after it was contacted by a journalist targeted with phishing pages that were served via the self-hosted open-source Phurl URL shortener. "Dark Basin left copies of their phishing kit source code available openly online, as well as log files" that "Recorded every interaction with the credential phishing website, including testing activity carried out by Dark Basin operators," Citizen Lab said.
A hack-for-hire group, called Dark Basin, has been outed after targeting thousands of individuals and organizations worldwide - including advocacy groups and journalists, elected and senior government officials, and hedge funds - over the course of seven years. "Citizen Lab has notified hundreds of targeted individuals and institutions and, where possible, provided them with assistance in tracking and identifying the campaign," according to a report on Dark Basin released by Citizen Lab researchers on Tuesday.
Hackers are targeting German companies tasked with replenishing the nation's supply of personal protective equipment. The X-Force team believes that the corporation is being targeted specifically because of its status within the task force, and the phishing campaign is part of a larger effort by an unknown hacking crew to disrupt the PPE supply chain in Germany.