Security News

Leading cybersecurity company FireEye disclosed today that it was hacked by a threat actor showing all the signs of a state-sponsored hacking group. The attackers were able to steal Red Team assessment tools FireEye uses to test customers' security and designed to mimic tools used by many cyber threat actors.

For at least the third time in its existence, OGUsers - a forum overrun with people looking to buy, sell and trade access to compromised social media accounts - has been hacked. Roughly a week ago, the OGUsers homepage was defaced with a message stating the forum's user database had been compromised.

Researchers have demonstrated for the third time how hacking into the key fob of a Tesla can allow someone to access and steal the car in minutes. Researchers from the Computer Security and Industrial Cryptography, an Imec research group at the University of Leuven in Belgium, have "Discovered major security flaws" in the key fob of the Tesla Model X, the small device that allows someone to automatically unlock the car by approaching the vehicle or pressing a button.

Hackers have been attempting to gain access to Spotify accounts using a database of 380 million records with login credentials and personal information collected from various sources. For years, users have complained that their Spotify accounts were hacked after passwords were changed, new playlists would appear in their profiles, or their family accounts had strangers added from other countries.

Researchers at the University of Leuven in Belgium found vulnerabilities in the keyless entry system of the Tesla Model X that would have allowed attackers to steal the $100,000 car within just a few minutes. The security bugs allowed taking full control of the key fob and of the car by remotely updating the Tesla Model X's BLE chip with specially crafted firmware.

The Lazarus cybercriminal group is using a novel supply-chain attack against visitors to websites operated by the South Korean government and financial firms, in order to deliver dropper malware that eventually plants a remote access trojan on victim's PCs. The attacks use stolen digital certificates from two security firms, which allow Lazarus operators to corrupt a browser plug-in designed to protect users from being hacked. In this attack the Lazarus Group, notorious for its 2014 Sony Pictures Entertainment hack, exploits security software made by Wizvera.

Students at two suburban Chicago school districts were exposed to hate speech and lewd material this week after hackers apparently infiltrated both districts' websites, school officials said. Police were investigating Wednesday's incidents that targeted the Maine Township High School District 207 and Niles Township High School District 219 - both of which have ethnically and racially diverse student populations, the Pioneer Press suburban newspaper group reported.

Animal Jam, just the latest in a string of attacks on gaming apps, has adopted a transparent communications strategy after stolen data turned up on a criminal forum. The company behind the wildly popular kids' game Animal Jam has announced that hackers stole a menagerie of account records during a breach of a third-party vendor's server in October - more than 46 million of them, in fact.

Bug bounty hunters have hacked routers, network-attached storage devices and smart TVs at the Zero Day Initiative's Pwn2Own Tokyo 2020 hacking competition. Due to the COVID-19 pandemic, the competition has been turned into a virtual event and Pwn2Own Tokyo is actually coordinated by Trend Micro's ZDI from Toronto, Canada, with participants demonstrating their exploits remotely.

Multiple software products from Adobe, Apple, Google, Microsoft, Mozilla, and Samsung were successfully pwned with previously unseen exploits in Tianfu Cup 2020, the third edition of the international cybersecurity contest held in the city of Chengdu, China. "Many mature and hard targets have been pwned on this year's contest," the event organizers said.