Security News

Microsoft says it's investigating claims that its GitHub account has been hacked, and while some say the leaked files appear to be legitimate, it's unlikely that they contain any sensitive information. Data breach monitoring and prevention service Under the Breach reported on Thursday that a hacker claimed to have obtained 500 GB of source code from Microsoft's private GitHub repositories.

Security firm Check Point has found evidence that a Chinese government-linked hacking group has been infiltrating and gathering information on governments from around the Asia-Pacific region for more than five years. The group, known as Naikon Advanced Persistent Threat was first discovered in 2015, and after a report went public that named one of its members the group went silent.

Foreign state hackers are trying to brute-force their way into pharmaceutical and medical research agencies hunting for a COVID-19 vaccine, British and American infosec agencies are warning. The National Cyber Security Centre and America's Cybersecurity and Infrastructure Security Agency cautioned of a "Password spraying" campaign targeting healthcare and medical research organisations.

The man accused of hacking LinkedIn, Dropbox and the Formspring Q&A forum, and later selling the stolen data of hundreds of millions of users, has seen his trial disrupted a third time by the coronavirus pandemic. At a hearing on Tuesday, Judge William Alsup again delayed the US trial of alleged Russian hacker Yevgeniy Nikulin until June 1; the third such delay since the COVID-19 virus appeared in San Francisco, where proceedings are unfolding.

The Supreme Court agreed Monday to decide a case from Georgia about the reach of a federal computer hacking law. The case involves Nathan Van Buren, who was a police sergeant in Cumming, Georgia.

Linksys has prompted users to reset passwords after learning that hackers were leveraging stolen credentials to change router settings and direct customers to malware. The security firm said at the time that the attack, which was mainly targeting Linksys routers, was aimed at modifying DNS IP addresses to ultimately direct users to the Oski infostealer.

The US government's Computer Emergency Response Team has posted a new report on the latest exploits of North Korea's Hidden Cobra hacking crews. The updated advisory details how the hacking groups believed to operate on behalf of the isolated government, have carried out various hacking operations in recent years in an effort to drum up cash for the sanctions-hit regime.

The United States Securities and Exchange Commission last week announced that it reached a settlement with two of the traders charged last year over their roles in a scheme that involved hacking the organization's EDGAR electronic filing system. The SEC revealed in September 2017 that a breach of its EDGAR system detected in 2016 had allowed hackers to obtain non-public information that was used by some traders to make a profit.

A white hat hacker says he has earned $75,000 from Apple for reporting several Safari vulnerabilities that can be exploited to hijack the camera and microphone of devices running iOS or macOS. Researcher Ryan Pickren identified a total of seven vulnerabilities in Apple's Safari web browser, three of which can be exploited to spy on users through the camera and microphone of their iPhone, iPad or Mac computer. Apple patched the vulnerabilities that allow hackers to spy on users in January, while the other flaws were fixed in March.

A team of cybersecurity researchers has discovered that a large number of mobile apps contain hardcoded secrets allowing others to access private data or block content provided by users. The study's findings: that the apps on mobile phones might have hidden or harmful behaviors about which end users know little to nothing, said Zhiqiang Lin, an associate professor of computer science and engineering at The Ohio State University and senior author of the study.