Security News
T-Mobile disclosed a new data breach after a threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts through one of its Application Programming...
Cybersecurity researchers have discovered a new malicious package on the Python Package Index repository that impersonates a software development kit for SentinelOne, a major cybersecurity company, as part of a campaign dubbed SentinelSneak. "The SentinelOne imposter package is just the latest threat to leverage the PyPI repository and underscores the growing threat to software supply chains, as malicious actors use strategies like 'typosquatting' to exploit developer confusion and push malicious code into development pipelines and legitimate applications," ReversingLabs threat researcher Karlo Zanki said in a report shared with The Hacker News.
Cybercriminals using Prynt Stealer to collect data from victims are being swindled by the malware developer, who also receives a copy of the info over Telegram messaging service. Prynt Stealer can steal cryptocurrency wallet information, sensitive info stored in web browsers, VPN account data, cloud gaming account details.
The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts. Dubbed HYPERSCRAPE by Google Threat Analysis Group, the actively in-development malicious software is said to have been used against less than two dozen accounts in Iran, with the oldest known sample dating back to 2020.
Hospitals and Health Care group has disconnected all incoming and outgoing Internet connections after discovering they suffered a cyberattack that resulted in the theft of sensitive administrative and patient data. The cyberattack occurred on April 19th and affected the CHs of Vitry-le-François and Saint-Dizier, causing GHT to disconnect Internet connections to the hospitals to prevent the attack's spread and further data theft.
A newly discovered data exfiltration mechanism employs Ethernet cables as a "Transmitting antenna" to stealthily siphon highly-sensitive data from air-gapped systems, according to the latest research. Dubbed "LANtenna Attack," the novel technique enables malicious code in air-gapped computers to amass sensitive data and then encode it over radio waves emanating from Ethernet cables just as if they are antennas.
A threat actor claims to have hacked T-Mobile's servers and stolen databases containing the personal data of approximately 100 million customers. The alleged data breach first surfaced on a hacking forum yesterday after the threat actor claimed to be selling a database for six bitcoin containing birth dates, driver's license numbers, and social security numbers for 30 million people.
Academics from three German universities have found a vulnerability in the Transport Layer Security protocol that under limited circumstances allows the theft of session cookies and enables cross-site scripting attacks. Because TLS does not bind TCP connections to the desired application layer protocol, there's an opportunity for a miscreant-in-the-middle attack to redirect TLS traffic to a different endpoint at another IP address or port.
Polish game developer CD Projekt Red has been hit by hackers, who breached its internal network, stole data, encrypted some devices, and asked for a ransom to not sell of leak online sensitive company documents and the source code of some of their more popular games. The company categorized the attack as targeted, and admitted that the attacker managed to access the company's internal network and "Collected certain data belonging to CD PROJEKT capital group."
A recently discovered Mobile Remote Access Trojan can take control of the infected Android devices and exfiltrate a trove of user data, Check Point security researchers warn. Dubbed Rogue, the Trojan is the work of Triangulum and HeXaGoN Dev, known Android malware authors that have been selling their malicious products on underground markets for several years.