Security News

Starlink Successfully Hacked Using $25 Modchip
2022-08-11 15:48

A Belgian security researcher has successfully hacked the SpaceX-operated Starlink satellite-based internet system using a homemade circuit board that cost around $25 to develop, he revealed at Black Hat. Lennert Wouters revealed a voltage fault injection attack on a Starlink User Terminal (the satellite dish people use to access the system) that allowed him to break into the dish and explore the Starlink network from there, in a presentation called "Glitched on Earth by Humans" at the annual ethical hacker conference this week.

Cisco has been hacked by a ransomware gang
2022-08-11 14:30

U.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, after Yanluowang ransomware operators claimed the attack on their leak site. According to the Talos analysts, the attackers started by gaining control of a Cisco employee's personal Google account.

Cisco Confirms Network Breach Via Hacked Employee Google Account
2022-08-11 12:51

Cisco Systems revealed details of a May hack by the Yanluowang ransomware group that leveraged a compromised employee's Google account. "During the investigation, it was determined that a Cisco employee's credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim's browser were being synchronized," wrote Cisco Talos in a lengthy breakdown of the attack.

Access to hacked corporate networks still strong but sales fall
2022-08-11 12:00

Statistics collected by cyber-intelligence firm KELA during this year's second quarter show that marketplaces selling initial access to corporate networks have taken a blow. The average price for network access in the recent quarter was only $1,500, whereas in Q1 '22 access to networks was sold at an average of $3,000, meaning the price dropped by half.

Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen
2022-08-10 20:05

Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online. Last week, the threat actor behind the Cisco attack emailed BleepingComputer a directory listing of files allegedly stolen during the attack.

Email marketing firm hacked to steal crypto-focused mailing lists
2022-08-08 18:17

Email marketing firm Klaviyo suffered a data breach on August 3rd. Hackers gained access to internal systems after stealing an employee's credentials via a phishing attack. The hackers downloaded marketing lists used by cryptocurrency-related accounts and for Klaviyo product and marketing updates.

35,000 code repos not hacked—but clones flood GitHub to serve malware
2022-08-03 09:11

Thousands of GitHub repositories were forked with their clones altered to include malware, a software engineer discovered today. While cloning open source repositories is a common development practice and even encouraged among developers, this case involves threat actors creating copies of legitimate projects but tainting these with malicious code to target unsuspecting developers with their malicious clones.

Mobile store owner hacked T-Mobile employees to unlock phones
2022-08-02 15:02

A former owner of a T-Mobile retail store in California has been found guilty of a $25 million scheme where he illegally accessed T-Mobile's internal systems to unlock and unblock cell phones. "From August 2014 to June 2019, Khudaverdyan fraudulently unlocked and unblocked cellphones on T-Mobile's network, as well as the networks of Sprint, AT&T and other carriers," details the announcement of the U.S. Department of Justice.

Microsoft SQL servers hacked to steal bandwidth for proxy services
2022-07-28 17:26

Threat actors are generating revenue by using adware bundles, malware, or even hacking into Microsoft SQL servers, to convert devices into proxies rented through online proxy services. To steal a device's bandwidth, the threat actors install software called 'proxyware' that allocates a device's available internet bandwidth as a proxy server that remote users can use for various tasks, like testing, intelligence collection, content distribution, or market research.

MS-SQL servers hacked to steal bandwidth with proxyware
2022-07-28 17:26

Threat actors have been adopting a less common method to generate revenue and are leveraging payloads to install proxyware services on target systems. Proxyware is a program that allows allocating available internet bandwidth over a proxy to users that need it for various tasks, like testing, intelligence collection, content distribution, or market research.