Security News

Russian national Egor Igorevich Kriuchkov has pleaded guilty to recruiting a Tesla employee to plant malware designed to steal data within the network of Tesla's Nevada Gigafactory. Kriuchkov also told the Tesla employee that he was earlier involved in other similar "Projects" where one of the victim companies paid $4 million after negotiating down from an initial $6 million ransom.

Blender.org, the official website of the popular 3D computer graphics software Blender, is now in maintenance mode according to a message displayed on the site. According to Blender, parts of the blender.org website and some of the blogs are still down and will remain offline for several hours.

It's looking like the exploitation of critical Exchange flaws that Microsoft revealed at the start of the month could be much worse than folks first suspected. An analysis by Slovak security shop ESET claims that six advanced criminal hacking groups, thought to have some level of state sponsorship, used the zero days to attack government and industry sites before the flaws were patched.

A senior US official said Friday the Biden administration is close to a decision on retaliation for state-sponsored hacking as fears grew over the fallout from the latest of two major cyberattacks. The official said the White House was working closely with the private sector to ramp up cyber defenses following the attacks which targeted Microsoft Exchange servers and SolarWinds security software, potentially compromising thousands of government and private computer networks.

More state-sponsored hacking groups have joined the ongoing attacks targeting tens of thousands of on-premises Exchange servers impacted by severe vulnerabilities tracked as ProxyLogon. Exchange servers attacked by multiple hacking groups.

Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari web browser to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content. According to the update notes posted by Apple, the flaw stems from a memory corruption issue that could lead to arbitrary code execution when processing specially crafted web content.

An Idaho man faces federal charges after authorities say he hacked into the computers of a Georgia city and Atlanta area medical clinics. Robert Purbeck - who used online aliases Lifelock and Studmaster - was indicted Tuesday by a federal grand jury in Georgia, according to a news release from the U.S. attorney's office in Atlanta.

Interesting paper: "Shadow Attacks: Hiding and Replacing Content in Signed PDFs":. Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content. A user opening a signed PDF expects to see a warning in case of any modification.

For the wider population, hacking has become synonymous with nefarious activities because - for the vast majority of people who experience it - it's in a criminal context. Regular Register readers can differentiate between criminal hackers who break the law and ruin people's lives, and hardware and software hackers who ingeniously lash together systems and perform miracles to get things running.

Since the beginning of this year, an unknown threat actor has been hacking cybercrime forums and leaking user data publicly or offering it for sale. In January, a threat actor announced on underground forum Raid Forums that they breached Verified, an established Russian-language cybercrime forum.