Army Hires Company To Develop Cyber Defenses For Its Strykers After They Were Hacked

On Nov. 16, 2020, Virginia-based cybersecurity firm Shift5, Inc. announced that it had received a $2.6 million contract from the Army’s Rapid Capabilities and Critical Technologies Office (RCCTO) to “provide unified cybersecurity prototype kits designed to help protect the operational technology of the Army’s Stryker combat vehicle platform.” The company says it first pitched its Read more about Army Hires Company To Develop Cyber Defenses For Its Strykers After They Were Hacked[…]

Ticketmaster cops £1.25m ICO fine for 2018 Magecart breach, blames someone else and vows to appeal

The Information Commissioner’s Office has fined Ticketmaster £1.25m after the site’s operators failed to spot a Magecart card skimmer infection until after 9 million customers’ details had been slurped by criminals. The breach began in February 2018 and was not detected until April, when banks realised their customers’ cards were being abused by criminals immediately Read more about Ticketmaster cops £1.25m ICO fine for 2018 Magecart breach, blames someone else and vows to appeal[…]

Campari Ransomware Hackers Take Out Facebook Ads to Get Paid

The Campari Group recently experienced a ransomware attack that allegedly shut down the company’s servers. The malware, created by the RagnarLocker gang, essentially locked corporate servers and allowed the hackers to exfiltrate “2 terabytes” of data, according to the hackers. On Nov. 6, the company wrote, “at this stage, we cannot completely exclude that some Read more about Campari Ransomware Hackers Take Out Facebook Ads to Get Paid[…]

Dickey’s Barbecue Pit Hackers May Have 3M Stolen Credit Cards

Hackers are currently selling a trove of 3 million credit card numbers and customer records apparently stolen from Dickey’s Barbecue Pit, one of the biggest barbecue chains in the United States. The company made a statement today about the hack, suggesting that charges made to the stolen cards will be reversed. […] Security firm Gemini Read more about Dickey’s Barbecue Pit Hackers May Have 3M Stolen Credit Cards[…]

Confirmed: Barnes & Noble hacked, systems taken offline for days, miscreants may have swiped personal info

Barnes and Noble tonight confirmed it was hacked, and that its customers’ personal information may have been accessed by the intruders. The cyber-break-in forced the bookseller to take its systems offline this week to clean up the mess. See our update at the end of this piece. Our original report follows. Bookseller Barnes and Noble’s Read more about Confirmed: Barnes & Noble hacked, systems taken offline for days, miscreants may have swiped personal info[…]

German Hospital Hacked, Patient Taken to Another City Dies- First documented cyberattack fatality?

German authorities said Thursday that what appears to have been a misdirected hacker attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment. The Duesseldorf University Clinic’s systems have been disrupted since last Read more about German Hospital Hacked, Patient Taken to Another City Dies- First documented cyberattack fatality?[…]

Attack on The EMV Smartcard Standard: man in the middle exploit with 2 smartphones

EMV is the international protocol standard for smartcard payment and is used in over 9 billion cards worldwide. Despite the standard’s advertised security, various issues have been previously uncovered, deriving from logical flaws that are hard to spot in EMV’s lengthy and complex specification, running over 2,000 pages. We formalize a comprehensive symbolic model of Read more about Attack on The EMV Smartcard Standard: man in the middle exploit with 2 smartphones[…]

Plane-tracking site Flight Radar 24 DDoSed… just as drones spotted buzzing over Azerbaijan and Armenia

[…] Flight Radar spokesman Ian Petchenik told The Register: “At this time we understand this to be a very strong DDoS attack [orchestrated] from a single source. While it is not known why we’re being targeted, multiple flight tracking services have suffered attacks over the past two days.” It was not immediately obvious which other Read more about Plane-tracking site Flight Radar 24 DDoSed… just as drones spotted buzzing over Azerbaijan and Armenia[…]

Looks Like the Windows XP Source Code Just Leaked on 4chan

Would you believe more than 1% of computers worldwide are still using Windows XP? Incredibly, there are still millions of people using 19-year-old operating system. And a recent development — if it bears out — is another reason  people need to make the switch to something newer. On Thursday, users on 4chan posted what they Read more about Looks Like the Windows XP Source Code Just Leaked on 4chan[…]

Iranian Hackers Beat Encrypted Apps like Telegram, WhatsApp – since 2014

Iranian hackers, most likely employees or affiliates of the government, have been running a vast cyberespionage operation equipped with surveillance tools that can outsmart encrypted messaging systems — a capability Iran was not previously known to possess, according to two digital security reports released Friday. The operation not only targets domestic dissidents, religious and ethnic Read more about Iranian Hackers Beat Encrypted Apps like Telegram, WhatsApp – since 2014[…]

European Police Malware Could Harvest GPS, Messages, Passwords, More from Encrochat devices

The malware that French law enforcement deployed en masse onto Encrochat devices, a large encrypted phone network using Android phones, had the capability to harvest “all data stored within the device,” and was expected to include chat messages, geolocation data, usernames, passwords, and more, according to a document obtained by Motherboard. The document adds more Read more about European Police Malware Could Harvest GPS, Messages, Passwords, More from Encrochat devices[…]

Eterbase cryptocurrency exchange hacked and $5.4 million stolen

Cryptocurrency exchange Eterbase last week admitted hackers broke into its computers and made off with other people’s coins, said to be worth $5.4m. The plug was pulled on the digital dosh exchange as a result, though it may return at some point: it claims to have enough capital to surmount the cyber-heist. Investigations by staff Read more about Eterbase cryptocurrency exchange hacked and $5.4 million stolen[…]

European ISPs report mysterious wave of DDoS attacks

More than a dozen internet service providers (ISPs) across Europe have reported DDoS attacks that targeted their DNS infrastructure. The list of ISPs that suffered attacks over the past week includes Belgium’s EDP, France’s Bouygues Télécom, FDN, K-net, SFR, and the Netherlands’ Caiway, Delta, FreedomNet, Online.nl, Signet, and Tweak.nl. Attacks lasted no longer than a day and were all eventually mitigated, but ISP services were Read more about European ISPs report mysterious wave of DDoS attacks[…]

The Big Tesla Hack: A hacker gained control over the entire fleet, but fortunately he’s a good guy

In July 2017, Tesla CEO Elon Musk got on stage at the National Governors Association in Rhode Island and confirmed that a “fleet-wide hack” is one of Tesla’s biggest concerns as the automaker moves to autonomous vehicles. He even presented a strange scenario that could happen in an autonomous future: “In principle, if someone was able Read more about The Big Tesla Hack: A hacker gained control over the entire fleet, but fortunately he’s a good guy[…]

Ex-Uber chief security officer charged, accused of covering up theft of personal info from databases by hackers

Uber’s chief security officer, Joe Sullivan broke the law by hushing up the theft of millions of people’s details from the app maker’s databases by hackers, prosecutors say. Sullivan, 52, formerly of eBay, Facebook, and PayPal, was today charged with obstruction of justice and misprision – concealing knowledge of a crime from law enforcement – Read more about Ex-Uber chief security officer charged, accused of covering up theft of personal info from databases by hackers[…]

Zoombomber crashes court hearing on Twitter hack with Pornhub video, Judge obviously not qualified for this case

Zoombombers today disrupted a court hearing involving the Florida teen accused of masterminding a takeover of high-profile Twitter accounts, forcing the judge to stop the hearing. “During the hearing, the judge and attorneys were interrupted several times with people shouting racial slurs, playing music, and showing pornographic images,” ABC Action News in Tampa Bay wrote. A Read more about Zoombomber crashes court hearing on Twitter hack with Pornhub video, Judge obviously not qualified for this case[…]

How > 23% of Tor Relays are Maliciously Exploiting Users and stealing BTC in 2020 seemingly run by 1 actor

In December 2019 I wrote about The Growing Problem of Malicious Relays on the Tor Network with the motivation to rise awareness and to improve the situation over time. Unfortunately instead of improving, things have become even worse, specifically when it comes to malicious Tor exit relay activity. Tor exit relays are the last hop Read more about How > 23% of Tor Relays are Maliciously Exploiting Users and stealing BTC in 2020 seemingly run by 1 actor[…]

Hacker leaks passwords for 900+ enterprise Pulse VPN servers

A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. ZDNet, which obtained a copy of this list with the help of threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community. According to a review, Read more about Hacker leaks passwords for 900+ enterprise Pulse VPN servers[…]

Hackers are defacing loads of high profile Reddit channels with pro-Trump messages

A massive hack has hit Reddit today after tens of Reddit channels have been hacked and defaced to show messages in support of Donald Trump’s reelection campaign. The hacks are still ongoing at the time of writing, but we were told Reddit’s security team is aware of the issue and has already begun restoring defaced Read more about Hackers are defacing loads of high profile Reddit channels with pro-Trump messages[…]

Hackers Broke Into Real News Sites to Plant Fake Stories

On Wednesday, security firm FireEye released a report on a disinformation-focused group it’s calling Ghostwriter. The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining NATO and the US troops in Poland and the Baltics; they’ve posted fake content on everything from social media to pro-Russian news websites. Read more about Hackers Broke Into Real News Sites to Plant Fake Stories[…]

US govt says Chinese duo hacked, stole blueprints from just about everyone and then extorted cash.

On Tuesday, the US Department of Justice charged two Chinese nationals with allegedly hacking hundreds of organizations and individuals in America and elsewhere to steal confidential corporate secrets on behalf of Beijing for more than a decade. The pilfered files are said to be worth hundreds of millions of dollars, and in some cases, it Read more about US govt says Chinese duo hacked, stole blueprints from just about everyone and then extorted cash.[…]

Twitter hack latest: Up to 36 compromised accounts had their private messages read – including a Dutch politician’s

Twitter has admitted that the naughty folk who hijacked verified accounts last week read a portion of hacked users’ direct messages. Among the 36 Twitter users whose direct messages (DMs), email addresses and phone numbers were definitely accessed by account hijackers last week was one Dutch politician, the microblogging platform said overnight. “We believe that Read more about Twitter hack latest: Up to 36 compromised accounts had their private messages read – including a Dutch politician’s[…]

BadPower Attack Can Trick Power Bricks into Starting a Fire

In a study published by Xuanwu Labs (which is owned by Chinese tech giant Tencent), researchers detailed the BadPower hack which works by manipulating the firmware inside fast charge power adapters. Normally, when a phone is connected to a power brick with support for fast charging, the phone and the power adapter communicate with each Read more about BadPower Attack Can Trick Power Bricks into Starting a Fire[…]

FYI Russia is totally hacking the West’s labs in search of COVID-19 vaccine files, say UK, US, Canada cyber-spies. So is China and Iran.

Russian hackers at the state’s FSB spy agency have been caught breaking into Western institutions working on potential vaccines for the COVID-19 coronavirus in hope of stealing said research. That’s according to the British National Cyber Security Centre and America’s NSA today. The Kremlin-backed APT29 crew, also known by a variety of other names such Read more about FYI Russia is totally hacking the West’s labs in search of COVID-19 vaccine files, say UK, US, Canada cyber-spies. So is China and Iran.[…]