Security News
The leak of the LockBit 3.0 ransomware builder last year has led to threat actors abusing the tool to spawn new variants. Russian cybersecurity company Kaspersky said it detected a ransomware intrusion that deployed a version of LockBit but with a markedly different ransom demand procedure.
The incident, Tesla disclosed in a data breach notification with the state of Maine and accompanying letter [PDF] to those affected, was the fault of two Tesla employees whom it alleged stole the info before sharing it with German business news outlet Handelsblatt. The 100GB of data it received from the leakers, which Handelsblatt has dubbed the "Tesla files," includes an "Abundance" of customer data, and PII for more than 100,000 Tesla employees - including Elon Musk.
A man was arrested in Northern Ireland for suspected Collection of Terrorist Information following an incident where police mistakenly leaked details that identified 10,000 serving officers, but he has now been released on bail. The information was leaked when police posted a spreadsheet online listing the surnames and initials of 10,000 serving officers in the Police Service of Northern Ireland, plus civilian staff members.
Japan's digital minister has doubled down on a June promise to penalize himself for the poor rollout of the country's digital ID, My Number Card, by offering up three months salary on Tuesday. The interim report reportedly revealed a lack of knowledge among the public on how to link their My Number Card to disability records, cases of health insurance being connected to the wrong card, and errors in pension records of public servants.
Norfolk and Suffolk police have stepped forward to admit that a "Technical issue" resulted in raw data pertaining to crime reports accidentally being included in Freedom of Information responses. "A technical issue has led to some raw data belonging to the constabularies being included within the files produced in response to the FoI requests in question. The data was hidden from anyone opening the files, but it should not have been included."
Downfall Vulnerability Affects Millions of Intel CPUs With Strong Data Leak Impact Learn technical details about this newly disclosed security vulnerability, as well as mitigation recommendations from the Google researcher who discovered it. Google researcher Daniel Moghimi discovered a new vulnerability affecting millions of Intel chip models.
AMD processor users, you have another data-leaking vulnerability to deal with: like Zenbleed, this latest hole can be to steal sensitive data from a running vulnerable machine. Inception utilizes a previously disclosed vulnerability alongside a novel kind of transient execution attack, which the researchers refer to as training in transient execution, to leak information from an operating system kernel at a rate of 39 bytes per second on vulnerable hardware.
Researchers have discovered a new and powerful transient execution attack called 'Inception' that can leak privileged secrets and data using unprivileged processes on all AMD Zen CPUs, including the latest models. Researchers at ETH Zurich have now combined an older technique named 'Phantom speculation' with a new transient execution attack called 'Training in Transient Execution' to create an even more powerful 'Inception' attack.
The Clop ransomware gang has once again altered extortion tactics and is now using torrents to leak data stolen in MOVEit attacks. On June 14th, the ransomware gang began extorting its victims, slowly adding names to their Tor data leak site and eventually publicly releasing the files.
The Hawaiʻi Community College has admitted that it paid a ransom to ransomware actors to prevent the leaking of stolen data of approximately 28,000 people. On June 19th, 2023, the relatively new NoEscape ransomware gang listed UH on its extortion portal, threatening to publish 65 GB of stolen data in a week if a ransom was not paid.