Security News

A newly uncovered Emotet malware sample has the ability to spread to insecure Wi-Fi networks that are located nearby to an infected device. If the malware can spread to these nearby Wi-Fi networks, it then attempts to infect devices connected to them - a tactic that can rapidly escalate Emotet's spread, said researchers.

In the 7 years since, threats have become exponentially more advanced, launched by well-funded cyber-criminal groups and nation-state proxies and leveraging automation and AI. And yet the people hacking into Ring cameras weren't highly-technical or using AI. They were Script Kiddies using credentials found and traded on the Dark Web to access devices that did not use 2FA or other additional security mechanisms. As a threat analyst, I have helped companies identify hundreds of IoT devices, from insecure smart refrigerators and CCTV cameras, to compromised video conferencing systems and biometric scanners.

Long-suffering Yahoo! customers may finally get some compensation for having their personal details exposed to hackers not once, not twice, not three times, nor four times, but five times between 2012 and 2016. The proposed $117.5m settlement from the US class-action lawsuit brought back when Yahoo! actually existed is headed toward its final approval by a judge.

According to the confidential document, at least 42 U.N. servers were compromised in Geneva and Vienna, potentially exposing staff personnel data and sensitive documents for other organizations collaborating with the U.N. "Although it is unclear what documents and data the hackers obtained in the 2019 incident, the report implies that internal documents, databases, emails, commercial information and personal data may have been available to the intruders - sensitive data that could have far-reaching repercussions for staff, individuals and organisations communicating with and doing business with the U.N.," Ben Parker, with The New Humanitarian, said on Wednesday. Servers in three separate locations were compromised: the U.N. office at Vienna; the U.N. office at Geneva; and the U.N. Office of the High Commissioner for Human Rights headquarters, also in Geneva.

The United Nations' European headquarters in Geneva and Vienna were hacked last summer, putting thousands of staff records at miscreants' fingertips. Despite the size and extent of the hack, the UN decided to keep it secret.

The United Nations headquarters in New York as well as the U.N.'s sprawling Palais des Nations compound in Geneva, its European headquarters, did not immediately respond to questions from the AP about the incident. The internal document from the U.N. Office of Information and Technology said 42 servers were "Compromised" and another 25 were deemed "Suspicious," nearly all at the sprawling United Nations offices in Geneva and Vienna.

Those two forces are, one, individual social media users and, second, the engagement algorithms used by social media platforms. Social media algorithms can be used to magnify a troll's message and promote the re-sharing of a message that appeals to a niche corner of a social media platform.

A cyberattack disclosed recently by Mitsubishi Electric, which resulted in hackers gaining access to the company's network and stealing corporate data, likely involved exploitation of a vulnerability in Trend Micro's OfficeScan product. Mitsubishi Electric is a top contractor for Japan's military and infrastructure, but the company said in its data breach notice that no infrastructure-related information was impacted in the hack.

Motherboard obtained and published the technical report on the hack of Jeff Bezos's phone, which is being attributed to Saudi Arabia, specifically to Crown Prince Mohammed bin Salman. "[W]ithin hours of the encrypted downloader being received, a massive and unauthorized exfiltration of data from Bezos' phone began, continuing and escalating for months thereafter," the report states.

A forensic investigation commissioned by Bezos concludes claims to have uncovered the May 2018 hack attack. Bin Salman sent Bezos a large video file on May 1, 2018, which FTI describes as "Arriving unexpectedly and without explanation," as if people routinely warn their friends that they're about to send a video attachment.