Security News

The NetGalley book promotion site has suffered a data breach that allowed threat actors to access a database with members' personal information. NetGalley is a website that allows authors and publishers to promote digital review copies of their books to book advocates, influential readers, and industry professionals in the hopes that they will recommend the books to their audience.

A recently observed Pegasus spyware infection campaign targeting tens of Al Jazeera journalists leveraged an iMessage zero-click, zero-day exploit for infection. Cybersecurity firms and human rights organizations have detailed multiple malicious attacks involving Pegasus, many of them targeting journalists and human rights activities.

British cryptocurrency exchange EXMO has disclosed that unknown attackers withdrew almost 5% of its total assets after compromising its hot wallets. Hot wallets are Internet-connected and are used by exchanges to temporarily store assets for ongoing transactions and transfers unlike cold wallets which have no Internet connection.

Three dozen journalists working for Al Jazeera had their iPhones stealthily compromised via a zero-click exploit to install spyware as part of a Middle East cyberespionage campaign. In a new report published yesterday by University of Toronto's Citizen Lab, researchers said personal phones of 36 journalists, producers, anchors, and executives at Al Jazeera, and a journalist at London-based Al Araby TV were infected with Pegasus malware via a now-fixed flaw in Apple's iMessage.

It's going to take months to kick elite hackers widely believed to be Russian out of the U.S. government networks they have been quietly rifling through since as far back as March in Washington's worst cyberespionage failure on record. Experts say there simply are not enough skilled threat-hunting teams to duly identify all the government and private-sector systems that may have been hacked.

An analysis of the infrastructure and the malware involved in the attack targeting SolarWinds indicates that the Texas-based IT management and monitoring company was hacked at least one year prior to the discovery of the breach. An analysis of the threat actor's infrastructure conducted by threat intelligence company DomainTools, which specializes in DNS and domain analysis, suggests that SolarWinds was breached at some point in 2019.

A list of dozens of online stores hacked by a web skimming group was inadvertently leaked by a dropper used to deploy a stealthy remote access trojan on compromised e-commerce sites. Researchers at Sansec, a security company focused on protecting e-commerce stores from web skimming attacks, said that the malware was delivered in the form of a 64-bit ELF executable with the help of a PHP-based malware dropper.

America's nuclear weapons agency was hacked by the suspected Russian spies who backdoored SolarWinds' IT monitoring software and compromised several US government bodies, and Microsoft was caught up in the same cyber-storm, too, it was reported Thursday. The Windows giant uses SolarWinds' network management suite Orion, downloads of which were secretly trojanized earlier this year so that when installed within certain targets - such as the US government departments of State, Treasury, Homeland Security, and Commerce - the malicious code's masterminds could slip into their victims' networks, execute commands, read emails, steal data, and so on.

The Energy Department and its National Nuclear Security Administration, which is the agency that maintains the U.S. nuclear stockpile, have been compromised as part of the widespread cyberattack uncovered this week stemming from the massive SolarWinds hack. An exclusive report by Politico cited DoE official sources who said that their department was infiltrated by the cyberattackers, including hits on the NNSA; the Federal Energy Regulatory Commission which has oversight for the entire department; the Sandia and Los Alamos national laboratories in Washington and New Mexico; and the Richland Field Office of the DoE. The DoE confirmed its compromise on Friday.

Renewable electricity and gas supplier People's Energy has told its 250,000-plus customers that a "Gap" in the security of its IT system was exploited by digital burglars. The British company's co-founders Karin Sode and David Pike wrote to customers on Thursday morning to confirm that "Yesterday People's Energy was affected by a cyber security data breach."