The Akira ransomware gang is claiming responsiblity for the “cybersecurity incident” at British bath bomb merchant. Akira says it has stolen 110 GB of data from the UK-headquartered global cosmetics giant, which has more than 900 stores worldwide, allegedly including “a lot of personal documents” such as passport scans. Passport scans are routinely collected to Read more about Akira ransomware gang says it stole personnel passport scans and other PII from Lush[…]

A zero-day exploit of Google account security was first teased by a cybercriminal known as “PRISMA” in October 2023, boasting that the technique could be used to log back into a victim’s account even after the password is changed. It can also be used to generate new session tokens to regain access to victims’ emails, Read more about Google password resets not enough to stop malware that recreates login tokens[…]

The parent company that owns a controlling stake in Paramount, CBS, and thousands of theaters across the U.S. got hacked late last year, but it took them a full trip around the sun to let any of the tens of thousands of impacted customers know that their data was potentially compromised. The massive entertainment conglomerate Read more about Paramount Parent Was Hacked Christmas 2022, Told Customers a Year Later[…]

A team of researchers from the ASSET Research Group in Singapore have published the details of a collection of vulnerabilities in the fifth generation mobile communication system (5G) used with smartphones and many other devices. These fourteen vulnerabilities are detailed in this paper and a PoC detailing an attack using a software defined radio (SDR) Read more about 5Ghoul: 14 5G attack Used For easy and cheap Disruptive Attacks On Smartphones[…]

Genetic testing company 23andMe changed its terms of service to prevent customers from filing class action lawsuits or participating in a jury trial days after reports revealing that attackers accessed personal information of nearly 7 million people — half of the company’s user base — in an October hack. In an email sent to customers Read more about 23andMe frantically changed its terms of service to prevent 6.9m hacked customers from suing about losing their (and their entire family’s) DNA[…]

Since the beginning of 2023, ESET researchers have observed an alarming growth of deceptive Android loan apps, which present themselves as legitimate personal loan services, promising quick and easy access to funds. Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all Read more about SpyLoan apps don’t give you loans but blackmail you, steal your money, downloaded 12m times on Android – Apple won’t tell you how often they get duped[…]

An SEC filing has revealed more details on a data breach affecting 23andMe users that was disclosed earlier this fall. The company says its investigation found hackers were able to access the accounts of roughly 0.1 percent of its userbase, or about 14,000 of its 14 million total customers, TechCrunch notes. On top of that, Read more about 23andMe hackers accessed DNA information on millions of customers using a feature that matches relatives[…]

Hardware security hackers have detailed how it’s possible to bypass Windows Hello’s fingerprint authentication and login as someone else – if you can steal or be left alone with their vulnerable device. The research was carried out by Blackwing Intelligence, primarily Jesse D’Aguanno and Timo Teräs, and was commissioned and sponsored by Microsoft’s Offensive Research Read more about How to bypass Windows Hello fingerprint login[…]

Commercial air crews are reporting something “unthinkable” in the skies above the Middle East: novel “spoofing” attacks have caused navigation systems to fail in dozens of incidents since September. In late September, multiple commercial flights near Iran went astray after navigation systems went blind. The planes first received spoofed GPS signals, meaning signals designed to Read more about Commercial Flights Are Experiencing dozens of GPS Spoofing Attacks in the Middle East[…]

Google’s Threat Analysis Group revealed on Thursday that it discovered and worked to help patch an email server flaw used to steal data from governments in Greece, Moldova, Tunisia, Vietnam and Pakistan. The exploit, known as CVE-2023-37580, targeted email server Zimbra Collaboration to pilfer email data, user credentials and authentication tokens from organizations. It started Read more about Zimbra email vulnerability let hackers steal gov data – fix (and exploit) was easily visible on repository before updates[…]

affiliates of ransomware gang AlphV (aka BlackCat) claimed to have compromised digital lending firm MeridianLink – and reportedly filed an SEC complaint against the fintech firm for failing to disclose the intrusion to the US watchdog. First reported by DataBreaches, the break-in apparently happened on November 7. AlphaV’s operatives claimed they did not encrypt any Read more about Cracking group files SEC complaint on hacked company for failure to disclose breach[…]

The Clorox Company’s chief security officer has left her job in the wake of a corporate network breach that cost the manufacturer hundreds of millions of dollars. […] Chau Banks, the chief information and data officer of the $7 billion biz, who reportedly penned the memo, will fill Bogac’s role as Clorox continues mopping up Read more about Clorox CISO leaves after > 1/3rd billion spent on breach[…]

[…] Previously unreported figures from ad blocking companies indicate that YouTube’s crackdown is working, with hundreds of thousands of people uninstalling ad blockers in October. The available data suggests that last month saw a record number of ad blockers uninstalled—and also a record for new ad blocker installs as people sought alternatives that wouldn’t trigger Read more about YouTube’s Crackdown Spurs Record Uninstalls And Reinstalls in new Browser of Ad Blockers… Time to Change Video Site?[…]

Researchers have devised an attack that forces Apple’s Safari browser to divulge passwords, Gmail message content, and other secrets by exploiting a side channel vulnerability in the A- and M-series CPUs running modern iOS and macOS devices.   Further Reading Intel SGX is vulnerable to an unfixable flaw that can steal crypto keys and more Read more about iLeakage hack can force iOS and macOS browsers to divulge passwords and much more[…]

Winter Vivern, believed to be a Belarus-aligned hacker, attacked European government entities and a think tank starting on Oct. 11, according to an Ars Technica report Wednesday. ESET Research discovered the hack that exploited a zero-day vulnerability in Roundcube, a webmail server with millions of users, and allowed the pro-Russian group to exfiltrate sensitive emails. Read more about Hackers Target European Government With Roundcube Webmail Bug[…]

Citrix has urged admins to “immediately” apply a fix for CVE-2023-4966, a critical information disclosure bug that affects NetScaler ADC and NetScaler Gateway, admitting it has been exploited. Plus, there’s a proof-of-concept exploit, dubbed Citrix Bleed, now on GitHub. So if you are using an affected build, at this point assume you’ve been compromised, apply Read more about Citrix urges “immediate” patching as exploit POC[…]

MGM Resorts has admitted that the cyberattack it suffered in September will likely cost the company at least $100 million. The effects of the attack are expected to make a substantial dent in the entertainment giant’s third-quarter earnings and still have a noticeable impact in its Q4 too, although this is predicted to be “minimal.” Read more about MGM Resorts cyberattack to cost $100 million[…]