Security News

Report the hack to your customers and business stakeholders. The disaster recovery plan outlines the steps needed to operate the business with degraded systems or missing business-critical data.

The United States Department of Justice this week announced the sentencing of a Russian national for his role in a group that attempted to obtain $1.5 million in tax refunds from the Department of the Treasury. According to court documents, between June 2014 and November 2016, Bogdanov and co-conspirators hacked into the computers of private tax preparation firms in the US and stole personally identifiable information, including Social Security numbers and dates of birth.

The owner of the AirTag that called home can decrypt the location in the Find My message, but has no idea which relay device passed the message on. By limiting the length of the hidden message and repeating the same Bluetooth "Public keys" over and over again, Bräunlein's hope was that eventually a complete copy of all the data packets containing the hidden data might make it to Apple.

Apple recently announced a tracking device that it calls the AirTag, a new competitor in the "Smart label" product category. Products like the AirTag also announce themselves with regular Bluetooth beaconing transmissions, just like your phone does when it's in discoverable mode.

Security researchers Ralf-Philipp Weinmann of Kunnamon, Inc. and Benedikt Schmotzle of Comsecuris GmbH have found remote zero-click security vulnerabilities in an open-source software component used in Tesla automobiles that allowed them to compromise parked cars and control their infotainment systems over WiFi. It would be possible for an attacker to unlock the doors and trunk, change seat positions, both steering and acceleration modes - in short, pretty much what a driver pressing various buttons on the console can do.

Two researchers have shown how a Tesla - and possibly other cars - can be hacked remotely without any user interaction. The analysis was initially carried out for the Pwn2Own 2020 hacking competition - the contest offered a car and other significant prizes for hacking a Tesla - but the findings were later reported to Tesla through its bug bounty program after Pwn2Own organizers decided to temporarily eliminate the automotive category due to the coronavirus pandemic.

Bank holding company First Horizon Corporation disclosed the some of its customers had their online banking accounts breached by unknown attackers earlier this month. First Horizon Bank, the company's banking subsidiary, operates a network of hundreds of bank locations in 12 states across the Southeast.

Popular hacking forum OGUsers has been hacked for its fourth time in two years, with hackers now selling the site's database containing user records and private messages. OGUsers is a hacking forum known for the sale of stolen social media accounts hacked through SIM-swapping attacks, credential stuffing attacks, and other means.

Click Studios, the company behind the Passwordstate enterprise password manager, notified customers that attackers compromised the app's update mechanism to deliver malware in a supply-chain attack after breaching its networks. Passwordstate is an on-premises password management solution used by over 370,000 security and IT professionals at 29,000 companies worldwide, as the company claims.

Cellebrite's forensic applications do not include the type of security protections one would expect from a parsing software, which renders them susceptible to attacks, according to privacy-focused messaging service Signal. Cellebrite claims to have thousands of customers in over 140 countries.