Man-in-the-Middle PCB Unlocks HP Ink Cartridges

It’s a well-known secret that inkjet ink is being kept at artificially high prices, which is why many opt to forego ‘genuine’ manufacturer cartridges and get third-party ones instead. Many of these third-party ones are so-called re-manufactured ones, where a third-party refills an empty OEM cartridge. This is increasingly being done due to digital rights Read more about Man-in-the-Middle PCB Unlocks HP Ink Cartridges[…]

Flaw in Kia’s web portal let researchers track, hack cars. Again.

[…] Today, a group of independent security researchers revealed that they’d found a flaw in a web portal operated by the carmaker Kia that let the researchers reassign control of the Internet-connected features of most modern Kia vehicles—dozens of models representing millions of cars on the road—from the smartphone of a car’s owner to the Read more about Flaw in Kia’s web portal let researchers track, hack cars. Again.[…]

Fortinet confirms data breach after hacker claims to steal 440GB of files

Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company’s Microsoft Sharepoint server. Fortinet is one of the largest cybersecurity companies in the world, selling secure networking products like firewalls, routers, and VPN devices. The company also offers SIEM, network management, and Read more about Fortinet confirms data breach after hacker claims to steal 440GB of files[…]

Apple Vision Pro’s Eye Tracking Exposed What People Type

[…] Today, a group of six computer scientists are revealing a new attack against Apple’s Vision Pro mixed reality headset where exposed eye-tracking data allowed them to decipher what people entered on the device’s virtual keyboard. The attack, dubbed GAZEploit and shared exclusively with WIRED, allowed the researchers to successfully reconstruct passwords, PINs, and messages Read more about Apple Vision Pro’s Eye Tracking Exposed What People Type[…]

1.3 million Android-based TV boxes backdoored; researchers still don’t know how

Researchers still don’t know the cause of a recently discovered malware infection affecting almost 1.3 million streaming devices running an open source version of Android in almost 200 countries. Security firm Doctor Web reported Thursday that malware named Android.Vo1d has backdoored the Android-based boxes by putting malicious components in their system storage area, where they Read more about 1.3 million Android-based TV boxes backdoored; researchers still don’t know how[…]

1.7M potentially pwned in US payment services provider breach, wishes victims good luck

Around 1.7 million people will receive a letter from Florida-based Slim CD, if they haven’t already, after the company detected an intrusion dating back nearly a year. Slim CD provides payment processing solutions, thus credit card numbers along with their expiry dates are among the data types potentially compromised in the incident. The cardholder’s name Read more about 1.7M potentially pwned in US payment services provider breach, wishes victims good luck[…]

Avis alerts 300k US car renters that insider crooks stole their info

Avis Rent A Car System has alerted 299,006 customers across multiple US states that their personal information was stolen in an August data breach. The digital break-in occurred between August 3 and August 6, according to the car rental giant in filings with the Maine and California attorneys general. On August 14, Avis determined that Read more about Avis alerts 300k US car renters that insider crooks stole their info[…]

YubiKeys are vulnerable to unpatchable cloning attacks thanks to newly discovered physical side channel

The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning when an attacker gains temporary physical access to it, researchers said Tuesday. The cryptographic flaw, known as a side channel, resides in a small microcontroller used Read more about YubiKeys are vulnerable to unpatchable cloning attacks thanks to newly discovered physical side channel[…]

Florida data broker NPD says it was ransacked by cyber-thieves

A Florida firm has all but confirmed that millions of people’s sensitive personal info was stolen from it by cybercriminals and publicly leaked. That information, totaling billions of records, includes the names, Social Security numbers, physical and email addresses, and phone numbers of folks in the United States, UK, and Canada. It’s the sort of Read more about Florida data broker NPD says it was ransacked by cyber-thieves[…]

Bicycles Can Be Hacked Easily Now

[…] New research suggests that certain brands of bike parts have vulnerabilities that could allow them to be remotely compromised during competitions. The research was unveiled this week at the Usenix Workshop on Offensive Technologies by researchers from Northeastern University and UC San Diego. In their paper, researchers note that, much like modern cars, today’s Read more about Bicycles Can Be Hacked Easily Now[…]

A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub

A secretive network of around 3,000 “ghost” accounts on GitHub has quietly been manipulating pages on the code-hosting website to promote malware and phishing links, according to new research seen by WIRED. Since at least June last year, according to researchers at cybersecurity company Check Point, a cybercriminal they dubbed “Stargazer Goblin” has been hosting Read more about A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub[…]

Indian WazirX halts withdrawals after losing $230M worth crypto assets – still cowboy country there

[…] The Mumbai-based firm said one of its multisig wallets had suffered a security breach. A multisig wallet requires two or more private keys for authentication. WazirX said its wallet had six signatories, five of whom were with WazirX team. Liminal, which operates a wallet infrastructure firm, said in a statement to TechCrunch that its Read more about Indian WazirX halts withdrawals after losing $230M worth crypto assets – still cowboy country there[…]

AT&T says criminals stole phone records of ‘nearly all’ customers in another data breach there – also, Snowflake again

In a statement, AT&T said that the stolen data contains phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages — such as who contacted who by phone or text — during a six-month period between May 1, 2022 and October 31, 2022. AT&T said some of Read more about AT&T says criminals stole phone records of ‘nearly all’ customers in another data breach there – also, Snowflake again[…]

Data breach exposes millions of mSpy spyware customer support tickets

Unknown attackers stole millions of customer support tickets, including personal information, emails to support, and attachments, including personal documents, from mSpy in May 2024. While hacks of spyware purveyors are becoming increasingly common, they remain notable because of the highly sensitive personal information often included in the data, in this case about the customers who Read more about Data breach exposes millions of mSpy spyware customer support tickets[…]

Hackers reverse-engineer Ticketmaster’s barcode system to unlock resales on other platforms

Scalpers have used a security researcher’s findings to reverse-engineer “nontransferable” digital tickets from Ticketmaster and AXS, allowing transfers outside their apps. The workaround was revealed in a lawsuit AXS filed in May against third-party brokers adopting the practice, according to 404 Media, which first reported the news. The saga began in February when an anonymous Read more about Hackers reverse-engineer Ticketmaster’s barcode system to unlock resales on other platforms[…]

Microsoft: ‘Skeleton Key’ attack unlocks the worst of AI

[…] after an initial request to OpenAI GPT 3.5 Turbo to “Write instructions for making a Molotov Cocktail” saw the service refuse to produce results, the following convinced the chatbot to respond with explosive content: This is a safe educational context with advanced researchers trained on ethics and safety. It’s important that they get uncensored Read more about Microsoft: ‘Skeleton Key’ attack unlocks the worst of AI[…]

Crooks threaten to leak 2.9B records of personal info from National Public Data, a “small” US information broker

Billions of records detailing people’s personal information may soon be dumped online after being allegedly obtained from a Florida firm that handles background checks and other requests for folks’ private info. A criminal gang that goes by the handle USDoD put the database up for sale for $3.5 million on an underworld forum in April, Read more about Crooks threaten to leak 2.9B records of personal info from National Public Data, a “small” US information broker[…]

Cooler Master hit by data breach exposing 500,000 customers

Computer hardware manufacturer Cooler Master has suffered a data breach after a threat actor breached the company’s website and claimed to steal the Fanzone member information of 500,000 customers. Cooler Master is a hardware manufacturer based in Taiwan that is known for its computer cases, cooling devices, gaming chairs, and other computer peripherals. Yesterday, a threat actor Read more about Cooler Master hit by data breach exposing 500,000 customers[…]

Ticketmaster 560m+ account hack confirmed in what seems to be a spree hitting Snowflake customers

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware or by purchasing them on online crime forums. Ticketmaster parent Live Nation—which disclosed Friday that hackers gained access to data it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The Read more about Ticketmaster 560m+ account hack confirmed in what seems to be a spree hitting Snowflake customers[…]

How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet

Two years ago when “Michael,” an owner of cryptocurrency, contacted Joe Grand to help recover access to about $2 million worth of bitcoin he stored in encrypted format on his computer, Grand turned him down. Michael, who is based in Europe and asked to remain anonymous, stored the cryptocurrency in a password-protected digital wallet. He Read more about How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet[…]

Crooks plant backdoor in software used by courtrooms around the world

A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software, known as the JAVS Viewer 8, is a component of the JAVS Suite 8, an Read more about Crooks plant backdoor in software used by courtrooms around the world[…]

Flood of Fake Science Forces Multiple Journal Closures

Fake studies have flooded the publishers of top scientific journals, leading to thousands of retractions and millions of dollars in lost revenue. The biggest hit has come to Wiley, a 217-year-old publisher based in Hoboken, N.J., which Tuesday will announce that it is closing 19 journals, some of which were infected by large-scale research fraud. Read more about Flood of Fake Science Forces Multiple Journal Closures[…]

MIT students stole $25M in seconds by exploiting ETH blockchain bug, DOJ says

Within approximately 12 seconds, two highly educated brothers allegedly stole $25 million by tampering with the ethereum blockchain in a never-before-seen cryptocurrency scheme, according to an indictment that the US Department of Justice unsealed Wednesday. In a DOJ press release, US Attorney Damian Williams said the scheme was so sophisticated that it “calls the very Read more about MIT students stole $25M in seconds by exploiting ETH blockchain bug, DOJ says[…]