Hackers return around half of stolen $600 million in Poly Network hack

Hackers have returned nearly half of the $600 million they stole in what’s likely to be one of the biggest cryptocurrency thefts ever. The cybercriminals exploited a vulnerability in Poly Network, a platform that looks to connect different blockchains so that they can work together. Poly Network disclosed the attack Tuesday and asked to establish […]

Cross-Chain DeFi Site Poly Network Hacked; Hundreds of Millions Potentially Lost

Cross-chain decentralized finance (DeFi) platform Poly Network was attacked on Tuesday, with the alleged hacker draining roughly $600 million in crypto. Poly Network, a protocol launched by the founder of Chinese blockchain project Neo, operates on the Binance Smart Chain, Ethereum and Polygon blockchains. Tuesday’s attack struck each chain consecutively, with the Poly team identifying […]

Hackers leak full EA data after failed extortion attempt

The hackers who breached Electronic Arts last month have released the entire cache of stolen data after failing to extort the company and later sell the stolen files to a third-party buyer. The data, dumped on an underground cybercrime forum on Monday, July 26, is now being widely distributed on torrent sites. According to a […]

Hey, AI software developers, you are taking Unicode into account, right … right?

[…] The issue is that ambiguity or discrepancies can be introduced if the machine-learning software ignores certain invisible Unicode characters. What’s seen on screen or printed out, for instance, won’t match up with what the neural network saw and made a decision on. It may be possible to abuse this lack of Unicode awareness for nefarious […]

Justice Department says Russians hacked federal prosecutors during SolarWinds

The Russian hackers behind the massive SolarWinds cyberespionage campaign broke into the email accounts of some of the most prominent federal prosecutors’ offices around the country last year, the Justice Department said Friday. The department said 80% of Microsoft email accounts used by employees in the four U.S. attorney offices in New York were breached. […]

US legal eagles representing Apple, IBM, and more take 5 months to inform clients of ransomware data breach, will only offer support if social security number was in data

Law firm Campbell Conroy & O’Neil has warned of a breach from late February which may have exposed data from the company’s lengthy client list of big-name corporations including Apple and IBM. The breach, which was discovered on 27 February 2021 when a ransomware infection blocked access to selected files on the company’s internal systems, […]

Saudi Aramco data breach sees 1 TB stolen data for sale

[…] The threat actors are offering Saudi Aramco’s data starting at a negotiable price of $5 million. Saudi Aramco has pinned this data incident on third-party contractors and tells BleepingComputer that the incident had no impact on Aramco’s operations. “Zero-day exploitation” used to breach network This month, a threat actor group known as ZeroX is offering 1 TB of […]

Report shines light on REvil’s depressingly simple tactics: Phishing, credential-stuffing RDP servers… the usual

Palo Alto Networks’ global threat intelligence team, Unit 42, has detailed the tactics ransomware group REvil has employed to great impact so far this year – along with an estimation of the multimillion-dollar payouts it’s receiving. […] The group, which provides what security wonks have come to term “Ransomware as a Service” or RAAS, has […]

This Crowdsourced Ransomware Payment Tracker Shows How Much Cybercriminals Have Heisted

Ransomware attacks are on the rise, but quantifying the scope of the problem can be tricky when only the most high-profile cases make headlines. Enter Ransomwhere, […] Jack Cable, a security architect at the cybersecurity consulting firm Krebs Stamos Group, launched the site on Thursday. […] The way it works is Ransomwhere keeps a running […]

Iran’s Train System Hacked, Khamenei’s phone nr posted on station msg boards as help line

Cyberattacks reportedly disrupted Iran’s railway system on Friday, causing “unprecedented chaos” at stations throughout the country, according to state media. The hackers, whoever they are, also reportedly trolled the nation’s Supreme Leader Ali Khamenei, posting his phone number as “the number to call for information” on multiple train station message boards, Reuters reports. According to […]

Report: Russian Cyber Spies Recently Hacked the RNC

According to a new investigation from Bloomberg, cyber spies connected to the Russian government recently hacked into the Republican National Committee—though the RNC has denied that their systems were breached in this way. According to Bloomberg, the hacker group known as “Cozy Bear”—thought to be connected to Russia’s intelligence service, the SVR—conducted the intrusion, though […]

Getting Your iPhone Near This Cursed Network Breaks Its Wifi

iPhone doesn’t even have to connect to the network to mess up. Back in June, security researcher Carl Schou found that when he joined the network “%p%s%s%s%s%n”, his iPhone permanently disabled its wifi functionality. Luckily, this was fixed by resetting all network settings, which erased the villainous wifi name from his phone’s memory. You would […]

Largest ransomware attack ever through hacked Kaseya software by REvil. Thousands of victims in at least 17 countries. $70m asked to decrypt the lot.

Cybersecurity teams worked feverishly Sunday to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang responsible breached the company whose software was the conduit. An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a […]

Western Digital Confirms ‘My Book Live’ Drives Are Being Deleted Remotely

Western Digital’s popular My Book Live hard drives are being deleted remotely by an unknown attacker, according to the company. And there’s not much anyone can do at this point but unplug their drives from the internet. “We have determined that some My Book Live devices have been compromised by a threat actor,” Western Digital’s […]

Microsoft says new breach via customer service discovered in probe of suspected SolarWinds hackers

Microsoft (MSFT.O) said on Friday an attacker had won access to one of its customer-service agents and then used information from that to launch hacking attempts against customers. The company said it had found the compromise during its response to hacks by a team it identifies as responsible for earlier major breaches at SolarWinds (SWI.N) […]

Russia spoofed AIS data to fake British warship’s course days before firing at them from a huge distance in Crimea

Russia was back up to its age-old spoofing of GPS tracks earlier this week before a showdown between British destroyer HMS Defender and coastguard ships near occupied Crimea in the Black Sea. Yesterday Defender briefly sailed through Ukrainian waters, triggering the Russian Navy and coastguard into sending patrol boats and anti-shipping aircraft to buzz the […]

Hackers Are Selling Data Stolen From Audi and Volkswagen

On Friday, Volkswagen disclosed a data breach that it said affected 3.3 million customers and interested buyers. On Monday, hackers put the data stolen from the car maker on sale on a notorious hacking forum. In the sales listing reviewed by Motherboard, a hacker that goes by 000 wrote that the data included email addresses […]

In Brazil, Criminals Steal Phones to Empty Victims’ Bank Account

São Paulo pickpockets are increasingly stealing people’s smartphones not to pawn off the device, but rather to gain access to their bank account. That’s according to a report from Brazilian newspaper Folha de S.Paulo this week. As first spotted by 9to5 Mac, the report claims this kind of theft has been going on since the […]

Ukraine police collar six Clop ransomware gang suspects in joint raids with South Korean cops

Ukrainian police have arrested six people, alleged to be members of the notorious Clop ransomware gang, seizing cash, cars – and a number of Apple Mac laptops and desktops. “It was established that six defendants carried out attacks of malicious software such as ‘ransomware’ on the servers of American and [South] Korean companies,” alleged Ukraine’s […]

Alibaba suffers billion-item data leak including usernames and mobile numbers

Alibaba’s Chinese shopping operation Taobao has suffered a data breach of over a billion data points including usernames and mobile phone numbers. The info was lifted from the site by a crawler developed by an affiliate marketer. Chinese outlet 163.com reported the case last week and today it was picked up by the Wall Street […]

Risk and reward: Nefilim ransomware gang mainly targets fewer, richer companies and that strategy is paying off, warns Trend Micro

The Nefilim ransomware gang might not be the best known or most prolific online extortion crew but their penchant for attacking small numbers of $1bn+ turnover firms is paying off, according to some latest research. The crew has made comparatively fewer headlines next to better-known criminals such as Darkside, perpetrators of the infamous US Colonial […]

Internal data + games source code from breach CD Projekt Cyberpunk 2077 circulating online

Internal company data leaked during a February security breach is now being circulated on the internet, Polish video games maker CD Projekt (CDR.WA) said in a statement published on Thursday. The attack, which compromised some of its internal systems including the source code to its much-hyped game Cyberpunk 2077, dealt another blow to the Warsaw-based […]

McDonald’s Hit by Data Breach – WSJ

McDonald’s Corp. said hackers stole some data from its systems in markets including the U.S., South Korea and Taiwan, in another example of cybercriminals infiltrating high-profile global companies. The burger chain said Friday that it recently hired external consultants to investigate unauthorized activity on an internal security system, prompted by a specific incident in which […]