Security News

Singapore cable, internet and mobile phone provider StarHub is in the process of notifying 57,191 customers via email that they are victims of a cyber attack that leaked national identity card numbers, mobile numbers and email addresses. The data breach was discovered on July 6 but was not announced until August 6th. StarHub told The Register via email that the company suspects the stolen data file was found within a day of it being uploaded to the third-party web site.

Someone has leaked the master decryption key that Kaseya used to unlock the files encrypted by a REvil ransomware attack on the company that affected customers across 22 countries last month. While it was first thought that the key could unlock all of the REvil attacks that occurred at the same time as the Kaseya one, it soon became clear to researchers that the decryptor - which appeared to some to be genuine - was only for the files locked in the Kaseya attack.

The universal decryption key for REvil's attack on Kaseya's customers has been leaked on hacking forums allowing researchers their first glimpse of the mysterious key. On July 22nd, Kaseya obtained a universal decryption key for the ransomware attack from a mysterious "Trusted third party" and began distributing it to affected customers.

A threat actor is promoting a new criminal carding marketplace by releasing one million credit cards stolen between 2018 and 2019 on hacking forums. Carding is the trafficking and use of stolen credit cards.

Classified files apparently leaked from a cyber unit of the Iranian government show that Iran is looking to improve its offensive cyber capabilities, including for targeting industrial control systems. British news outlet Sky News managed to obtain five internal reports - all marked "Very confidential" - that seem to originate from the Islamic Revolutionary Guard Corps' Shahid Kaveh, a secret offensive cyber unit.

WireGuard, a high performance and easily configured VPN protocol, is getting a native port from Linux to the Windows kernel, and the code has been published as experimental work in progress. A WireGuard implementation for Windows already exists and can be found here, based on what Jason A Donenfeld, the creator of WireGuard, called "a generic TUN driver we developed called Wintun" and a cross-platform Go codebase called wireguard-go.

Saudi Arabia's state oil giant acknowledged Wednesday that leaked data from the company - files now apparently being used in a cyber-extortion attempt involving a $50 million ransom demand - likely came from one of its contractors. The Saudi Arabian Oil Co., better known as Saudi Aramco, told The Associated Press that it "Recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors."

Israeli-based NSO Group is being blasted in a groundbreaking report that alleges that the company's controversial Pegasus malware is being used to target activists, journalists, business executives and politicians on a widespread level, using a variety of exploits - including a zero-click zero-day in iOS. A consortium of journalists leveled the allegations in a report called Pegasus Project, which was published Sunday. It examined leaked data from the NSO Group, which revealed a cache of more than 50,000 mobile phone numbers worldwide that the firm was storing, according to the report published by the Guardian newspaper.

PoC for critical Windows Print Spooler flaw leakedMicrosoft has confirmed that the so-called PrintNightmare vulnerability is not the same flaw as the previously patched CVE-2021-1675, and that the leaked PoC exploits can be used to exploit this RCE zero-day. Cisco security devices targeted with CVE-2020-3580 PoC exploitAttackers and bug hunters are leveraging an exploit for CVE-2020-3580 to compromise vulnerable security devices running Cisco ASA or FTD software.

A leaked tool used by the Babuk Locker operation to create custom ransomware executables is now being used by another threat actor in a very active campaign targeting victims worldwide. Babuk Locker was a ransomware operation that launched at the beginning of 2021 when it began targeting corporate victims and stealing their data in double-extortion attacks.