Crooks threaten to leak 2.9B records of personal info from National Public Data, a “small” US information broker

Billions of records detailing people’s personal information may soon be dumped online after being allegedly obtained from a Florida firm that handles background checks and other requests for folks’ private info. A criminal gang that goes by the handle USDoD put the database up for sale for $3.5 million on an underworld forum in April, Read more about Crooks threaten to leak 2.9B records of personal info from National Public Data, a “small” US information broker[…]

Cooler Master hit by data breach exposing 500,000 customers

Computer hardware manufacturer Cooler Master has suffered a data breach after a threat actor breached the company’s website and claimed to steal the Fanzone member information of 500,000 customers. Cooler Master is a hardware manufacturer based in Taiwan that is known for its computer cases, cooling devices, gaming chairs, and other computer peripherals. Yesterday, a threat actor Read more about Cooler Master hit by data breach exposing 500,000 customers[…]

Ticketmaster 560m+ account hack confirmed in what seems to be a spree hitting Snowflake customers

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware or by purchasing them on online crime forums. Ticketmaster parent Live Nation—which disclosed Friday that hackers gained access to data it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The Read more about Ticketmaster 560m+ account hack confirmed in what seems to be a spree hitting Snowflake customers[…]

How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet

Two years ago when “Michael,” an owner of cryptocurrency, contacted Joe Grand to help recover access to about $2 million worth of bitcoin he stored in encrypted format on his computer, Grand turned him down. Michael, who is based in Europe and asked to remain anonymous, stored the cryptocurrency in a password-protected digital wallet. He Read more about How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet[…]

Crooks plant backdoor in software used by courtrooms around the world

A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software, known as the JAVS Viewer 8, is a component of the JAVS Suite 8, an Read more about Crooks plant backdoor in software used by courtrooms around the world[…]

Flood of Fake Science Forces Multiple Journal Closures

Fake studies have flooded the publishers of top scientific journals, leading to thousands of retractions and millions of dollars in lost revenue. The biggest hit has come to Wiley, a 217-year-old publisher based in Hoboken, N.J., which Tuesday will announce that it is closing 19 journals, some of which were infected by large-scale research fraud. Read more about Flood of Fake Science Forces Multiple Journal Closures[…]

MIT students stole $25M in seconds by exploiting ETH blockchain bug, DOJ says

Within approximately 12 seconds, two highly educated brothers allegedly stole $25 million by tampering with the ethereum blockchain in a never-before-seen cryptocurrency scheme, according to an indictment that the US Department of Justice unsealed Wednesday. In a DOJ press release, US Attorney Damian Williams said the scheme was so sophisticated that it “calls the very Read more about MIT students stole $25M in seconds by exploiting ETH blockchain bug, DOJ says[…]

Dell hack but who Dell didn’t think it was a big deal now includes customer phone numbers

The person who claimed to have stolen the physical addresses of 49 million Dell customers appears to have taken more data from a different Dell portal, TechCrunch has learned. The newly compromised data includes names, phone numbers and email addresses of Dell customers. This personal data is contained in customer “service reports,” which also include Read more about Dell hack but who Dell didn’t think it was a big deal now includes customer phone numbers[…]

Dell customer order database stolen, 49m records for sale on dark web

Dell has confirmed information about its customers and their orders has been stolen from one of its portals. Though the thief claimed to have swiped 49 million records, which are now up for sale on the dark web, the IT giant declined to say how many people may be affected. According to the US computer Read more about Dell customer order database stolen, 49m records for sale on dark web[…]

‘ArcaneDoor’ Cyberspies Hacked Cisco Firewalls to Access Government Networks

[…] Cisco is now revealing that its firewalls served as beachheads for sophisticated hackers penetrating multiple government networks around the world. On Wednesday, Cisco warned that its so-called Adaptive Security Appliances—devices that integrate a firewall and VPN with other security features—had been targeted by state-sponsored spies who exploited two zero-day vulnerabilities in the networking giant’s Read more about ‘ArcaneDoor’ Cyberspies Hacked Cisco Firewalls to Access Government Networks[…]

The Crescendo Multi-Turn LLM Jailbreak Attack

In this paper, we introduce a novel jailbreak attack called Crescendo. Unlike existing jailbreak methods, Crescendo is a multi-turn jailbreak that interacts with the model in a seemingly benign manner. It begins with a general prompt or question about the task at hand and then gradually escalates the dialogue by referencing the model’s replies, progressively Read more about The Crescendo Multi-Turn LLM Jailbreak Attack[…]

World Check Database (quite probably filled with miscreants) was given to a 3rd party, taken from there and is now for sale online

The World-Check database used by businesses to verify the trustworthiness of users has fallen into the hands of cybercriminals. The Register was contacted by a member of the GhostR group on Thursday, claiming responsibility for the theft. The authenticity of the claims was later verified by a spokesperson for the London Stock Exchange Group (LSEG), Read more about World Check Database (quite probably filled with miscreants) was given to a 3rd party, taken from there and is now for sale online[…]

Breaking out of kiosk environments using keyboard media buttons via a BadUSB type attack

In early 2023 an awesome colleague (Andreas) spoke about an incident response case featuring thugs plugging a media keyboard into an ATM, and breaking out of its ATM kiosk software to install malware causing it to dispense $$$. This prompted me to spend some time during spring and summer of 2023 looking into Consumer Control, Read more about Breaking out of kiosk environments using keyboard media buttons via a BadUSB type attack[…]

DDOS attack takes down NL provinces and government organizations’ websites

Various websites of provinces and government organizations were down on Monday due to a DDOS attack. At the moment, the website of the Province of North Holland is still unavailable or unavailable again. The websites of the provinces of Groningen, Overijssel and North Brabant were also down for some time. The sites of the Senate Read more about DDOS attack takes down NL provinces and government organizations’ websites[…]

Burglars using Wifi jammers and deauth attacks to disable wireless smart home security

Edina police believe that the suspects aren’t choosing houses at random –they’re researching carefully prior to burglarizing them. The suspects are stealing jewelry, safes, and high-end merchandise. “It’s believed the burglars are not violent and tend to choose unoccupied houses,” the police’s report reads. At the city safety meeting on January 31st, residents warned about Read more about Burglars using Wifi jammers and deauth attacks to disable wireless smart home security[…]

Researchers jailbreak AI chatbots with ASCII art

Researchers based in Washington and Chicago have developed ArtPrompt, a new way to circumvent the safety measures built into large language models (LLMs). According to the research paper ArtPrompt: ASCII Art-based Jailbreak Attacks against Aligned LLMs, chatbots such as GPT-3.5, GPT-4, Gemini, Claude, and Llama2 can be induced to respond to queries they are designed Read more about Researchers jailbreak AI chatbots with ASCII art[…]

HackAPrompt – a taxonomy of GPT prompt hacking techniques

[…] We present a comprehensive Taxonomical Ontology of Prompt Hacking techniques, which categorizes various methods used to manipulate Large Language Models (LLMs) through prompt hacking. This taxonomical ontology ranges from simple instructions and cognitive hacking to more complex techniques like context overflow, obfuscation, and code injection, offering a detailed insight into the diverse strategies used Read more about HackAPrompt – a taxonomy of GPT prompt hacking techniques[…]

Apex Legends streamers surprised to find aimbot and other hacks added to their PCs in the middle of major competition

The Apex Legends Global Series is currently in regional finals mode, but the North America finals have been delayed after two players were hacked mid-match. First, Noyan “Genburten” Ozkose of DarkZero suddenly found himself able to see other players through walls, then Phillip “ImperialHal” Dosen of TSM was given an aimbot. Genburten’s hack happened part Read more about Apex Legends streamers surprised to find aimbot and other hacks added to their PCs in the middle of major competition[…]

Breach in French labor history database impacts up to 43 million people for past 20 years showing what a great idea huge centralised databases are

A French government department – responsible for registering and assisting unemployed people – is the latest victim of a mega data breach that compromised the information of up to 43 million citizens. France Travail announced on Wednesday that it informed the country’s data protection watchdog (CNIL) of an incident that exposed a swathe of personal Read more about Breach in French labor history database impacts up to 43 million people for past 20 years showing what a great idea huge centralised databases are[…]

Vehicle Cloning — Another Reason Not To Use Automated License Plate Readers

Over the last decade, increasing numbers of automated license plate readers (ALPR) have been installed on roads, bringing with them a variety of privacy problems, as Techdirt has reported. It’s easy to see why ALPR is popular with the authorities: license plate readers seem a simple way to monitor driving behavior and to catch people Read more about Vehicle Cloning — Another Reason Not To Use Automated License Plate Readers[…]

Want to Steal a Tesla? set up a guest wifi with a fake site, steal the password and make your own key

Security researchers report they uncovered a design flaw that let them hijack a Tesla using a Flipper Zero, a controversial $169 hacking tool. Partners Tommy Mysk and Talal Haj Bakry of Mysk Inc. said the attack is as simple as swiping a Tesla owner’s login information, opening the Tesla app, and driving away. The victim Read more about Want to Steal a Tesla? set up a guest wifi with a fake site, steal the password and make your own key[…]

Chinese and US researchers show new side channel can reproduce fingerprints by listening to swiping sounds on screen

An interesting new attack on biometric security has been outlined by a group of researchers from China and the US. PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound [PDF] proposes a side-channel attack on the sophisticated Automatic Fingerprint Identification System (AFIS). The attack leverages the sound characteristics of a user’s finger Read more about Chinese and US researchers show new side channel can reproduce fingerprints by listening to swiping sounds on screen[…]

iOS and Android users face scans used to break into bank accounts

[…] GoldPickaxe and GoldPickaxe.iOS target Android and iOS respectively, tricking users into performing biometric verification checks that are ultimately used to bypass the same checks employed by legitimate banking apps in Vietnam and Thailand – the geographic focus of these ongoing attacks. The iOS version is believed only to be targeting users in Thailand, masquerading Read more about iOS and Android users face scans used to break into bank accounts[…]

1/2 of all French citizens data stolen in healthcare billing breach

Nearly half the citizens of France have had their data exposed in a massive security breach at two third-party healthcare payment servicers, the French data privacy watchdog disclosed last week. Payments outfits Viamedis and Almerys both experienced breaches of their systems in late January, the National Commission on Informatics and Liberty (CNIL) revealed, leading to Read more about 1/2 of all French citizens data stolen in healthcare billing breach[…]