Security News

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)
2024-08-12 10:23

A new MS Office zero-day vulnerability can be exploited by attackers to grab users' NTLM hashes, Microsoft has shared late last week. Once attackers get a victim's NTLM hash, they can relay it another service and authenticate as the victim.

Hackers leak 2.7 billion data records with Social Security numbers
2024-08-11 14:17

Almost 2.7 billion records of personal information for people in the United States were leaked on a hacking forum, exposing names, social security numbers, all known physical addresses, and...

Fortune 50 biz coughed up record-breaking $75M ransom to halt leak of stolen data
2024-08-02 12:03

An unnamed Fortune 50 corporation paid a stonking $75 million to a ransomware gang to stop it leaking terabytes of stolen data. In September 2023, Dark Angels used a RagnarLocker variant to encrypt international conglomerate Johnson Controls' data, and demanded a $51 million ransom.

Secure Boot useless on hundreds of PCs from major vendors after key leak
2024-07-29 01:58

Infosec in brief Protecting computers' BIOS and the boot process is essential for modern security - but knowing it's important isn't the same as actually taking steps to do it. Take the research published last week by security boffins at firmware security vendor Binarily.

BreachForums v1 database leak is an OPSEC test for hackers
2024-07-24 04:00

The entire database for the notorious BreachForums v1 hacking forum was released on Telegram Tuesday night, exposing a treasure trove of data, including members' information, private messages,...

Windows 10 KB5040525 fixes WDAC issues causing app failures, memory leak
2024-07-23 21:48

Microsoft has released the July 2024 preview update for Windows 10, version 22H2, with fixes for Windows Defender Application Control issues causing app crashes and system memory exhaustion. KB5040525 is a monthly optional cumulative update that helps Windows administrators test fixes and improvements that will be included with the August 2024 Patch Tuesday release.

BreachForums v1 hacking forum data leak exposes members’ info
2024-07-23 19:24

The private member information of the BreachForums v1 hacking forum from 2022 has been leaked online, allowing threat actors and researchers to gain insight into its users. [...]

GitHub Token Leak Exposes Python's Core Repositories to Potential Attacks
2024-07-15 16:18

Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, Python Package Index, and the Python Software Foundation repositories. JFrog, which found the GitHub Personal Access Token, said the secret was leaked in a public Docker container hosted on Docker Hub.

Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events
2024-07-08 21:39

In an ongoing extortion campaign against Ticketmaster, threat actors have leaked almost 39,000 print-at-home tickets for 150 upcoming concerts and events, including Pearl Jam, Phish, Tate McCrae,...

Hackers leak alleged Taylor Swift tickets, amp up Ticketmaster extortion
2024-07-05 17:05

Hackers have leaked what they claim is Ticketmaster barcode data for 166,000 Taylor Swift Eras Tour tickets, warning that more events would be leaked if a $2 million extortion demand is not paid. Ticketmaster later confirmed the data breach, which they ultimately stated was from their account on Snowflake, a cloud-based data warehousing company used by the enterprise to store databases, process data, and perform analytics.