
Submission + - Tesla Hack Earns $200,000 at Pwn2Own 2024 (securityweek.com)

wiredmikey writes: A team from cybersecurity firm Synacktiv earned $200,000 at Pwn2Own for an integer overflow exploit targeting Tesla's electronic control unit (ECU) with CAN bus control. In addition to the money, the researchers won a new Tesla Model 3.

Participants have earned more than $700,000 on the first day of the Pwn2Own Vancouver 2024 hacking competition, successfully demonstrating exploits against a Tesla car, Linux and Windows operating systems, and various pieces of widely used software.

Submission + - LockBit Ransomware Gang Resurfaces With New Site (securityweek.com)

wiredmikey writes: The LockBit ransomware operators launched a new leak site over the weekend, claiming they restored their infrastructure following a law enforcement takedown and invited affiliates to re-join the operation.

Over the weekend, an individual involved with the RaaS, who uses the moniker of “LockBitSupp”, launched a new leak site that lists hundreds of victim organizations and which contains a long message providing his view on the takedown.

Submission + - Cloudflare Hacked by Suspected State-Sponsored Threat Actor (securityweek.com)

wiredmikey writes: Web security and CDN giant Cloudflare said it was hacked by a threat actor using stolen credentials to access internal systems, code repositories, along with an AWS environment, as well as Atlassian Jira and Confluence. The goal of the attack, Cloudflare says, was to obtain information on the company’s infrastructure, likely to gain a deeper foothold.

According to Cloudflare, more than 5,000 individual production credentials were rotated following the incident, close to 5,000 systems were triaged, test and staging systems were physically segmented, and every machine within the Cloudflare global network was reimaged and rebooted.

Submission + - Appin's global censorship campaign to stop you from reading these docs (muckrock.com) 1

v3rgEz writes: Founded in 2003, Appin has been described as a cybersecurity company and an educational consulting firm. Appin was also, according to Reuters reporting and extensive marketing materials, a prolific “hacking for hire” service, stealing information from politicians and militaries as well as businesses and even unfaithful spouses.

Legal letters, being sent to newsrooms and organizations around the world, are trying to remove that story from the internet — and are often succeeding. Now, MuckRock, Techdirt and the Electronic Frontier Foundation are pushing back, helping to ensure the materials stay available. As Masnick at Techdirt notes, "This kind of censorial bullying may work on other publications, but Techdirt believes that (1) important stories, especially around surveillance and hacking, deserve to be read and (2) it’s vitally important to call it out publicly when operations like Appin seek to silence reporting, especially when it’s done through abusing the legal process to silence and intimidate journalists and news organizations."

Submission + - Microsoft Says Russian Hackers Stole Emails from Senior Executives (securityweek.com)

wiredmikey writes: A Russian government-backed hacking team successfully hacked into Microsoft’s corporate network and stole emails and attachments from senior executives and targets in the cybersecurity and legal departments, the company disclosed late Friday.

The software giant said the APT group, known as Midnight Blizzard/Nobelium, used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts.

Submission + - Iran-Linked Hackers Compromise Control System at Pennsylvania Water Utility (icscybersecurityconference.com)

wiredmikey writes: The Municipal Water Authority of Aliquippa in Pennsylvania confirmed that hackers took control of a system associated with a booster station over the weekend. The company provides water and sewer services to more than 6,600 customers.

An alarm quickly alerted the Aliquippa utility of the intrusion and the compromised system was disabled. The water facility’s representative said there was no known risk to the water supply or drinking water.

An Iran-linked hacktivist group calling itself Cyber Av3ngers has taken credit for the attack. The anti-Israel hackers appear to have targeted an industrial control system (ICS) made by Israeli company Unitronics.

Submission + - Ransomware Gang Reports Victim to the SEC (securityweek.com)

wiredmikey writes: A notorious ransomware group has filed a complaint with the US Securities and Exchange Commission (SEC) over the failure of a victim to disclose an alleged data breach resulting from an attack conducted by the cybercrime gang itself.

In an apparent effort to increase its chances of getting paid, the malicious hackers claim to have filed a complaint with the SEC against California-based MeridianLink, accusing the company of failing to disclose the breach within four business days, as required by rules announced by the agency in July.

Submission + - Russian Cyberattack Disrupted Ukraine Power Grid Amid Mass Missile Strikes (securityweek.com)

wiredmikey writes: Threat hunters at Mandiant are shining the spotlight on a pair of previously undocumented operational technology (OT) attacks by Russia’s “Sandworm” hackers that caused an unplanned power outage and coincided with mass missile strikes on critical infrastructure across Ukraine.

The attacks, which spanned several months and culminated in two disruptive events last October, leveraged what Mandiant is describing as a “novel technique” for impacting industrial control systems (ICS) and OT.

“This attack represents the latest evolution in Russia’s cyber physical attack capability,” the company warned, noting a “growing maturity of Russia’s offensive OT arsenal that includes the ability to pinpoint novel OT threat vectors, develop new capabilities, and leverage different types of OT infrastructure to execute attacks.”

Submission + - SEC Charges SolarWinds CISO With Fraud and Cybersecurity Failures (securityweek.com)

wiredmikey writes: In a surprising development on Monday that is spooking the cybersecurity community, the SEC filed charges against SolarWinds and its Chief Information Security Officer (CISO), Timothy G. Brown, alleging that the software company misled investors about its cybersecurity practices and known risks.

The charges stem from alleged fraud and internal control failures related to known cybersecurity weaknesses that took place between the company’s October 2018 initial public offering (IPO) and its December 2020 revelation of the infamous supply chain cyberattack dubbed “SUNBURST.”

The SEC’s complaint also points to internal communications among SolarWinds employees, including Brown, in 2019 and 2020, which raised questions about the company’s ability to protect its critical assets from cyberattacks.

Submission + - HTTP/2 Zero-Day Exploited to Launch Largest DDoS Attacks in History (securityweek.com)

wiredmikey writes: A zero-day vulnerability named ‘HTTP/2 Rapid Reset’ has been exploited by malicious actors to launch the largest distributed denial-of-service (DDoS) attacks in internet history. One of the attacks seen by Cloudflare was three times larger than the record-breaking 71 million requests per second (RPS) attack reported by the company in February. Specifically, the HTTP/2 Rapid Reset DDoS campaign peaked at 201 million RPS, while Google observed a DDoS attack that peaked at 398 million RPS. The new attack method abuses an HTTP/2 feature called ‘stream cancellation’, by repeatedly sending a request and immediately canceling it.

Submission + - The NSA is Starting an Artificial Intelligence Security Center (securityweek.com)

Submission + - Chinese Hackers Hiding in Cisco Router Firmware (securityweek.com) 1

wiredmikey writes: The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently hop around the corporate networks of U.S. and Japanese companies.

According to a high-powered joint advisory from the NSA, FBI, CISA and Japan’s NISC, BlackTech has been observed modifying router firmware on Cisco routers to maintain stealthy persistence and pivot from international subsidiaries to headquarters in Japan and the United States. “Specifically, upon gaining an initial foothold into a target network and gaining administrator access to network edge devices, BlackTech cyber actors often modify the firmware to hide their activity across the edge devices to further maintain persistence in the network,” the agencies warned.

Submission + - SPAM: Chinese Gov Hackers Targeting US Critical Infrastructure

wiredmikey writes: Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) say Chinese state-backed hackers are siphoning data from critical infrastructure organizations in Guam, a U.S. territory in the Pacific Ocean.

The discovery is raising eyebrows because the tiny island is considered an important part of a future China/Taiwan military conflict. Microsoft nicknamed the campaign Volt Typhoon and described it as “stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery.”

Submission + - Ex-ByteDance Exec Says Beijing Had Access to TikTok Data in U.S. (securityweek.com)

wiredmikey writes: A former executive fired from TikTok’s parent company ByteDance made a raft of accusations against the tech giant Friday, including that the Chinese government maintained access to all company data, including information stored in the United States. Yintao Yu, who served as head of engineering for ByteDance’s U.S. operations, also said TikTok served as a “propaganda tool” for the Chinese government by suppressing or promoting content favorable to the country’s interests.

Submission + - Former Uber CSO Avoids Prison Time Over Data Breach Cover-Up (securityweek.com)

wiredmikey writes: Former Uber security chief Joe Sullivan was sentenced on Thursday to three years of probation and community service for covering up a data breach suffered by the ride-sharing giant in 2016. Sullivan was charged in August 2020 and found guilty by a jury in October 2022. Before the sentencing, prosecutors were hoping for 15 months in prison, while the defense wanted probation, which was the ultimate outcome, allowing the former chief security officer (CSO) to avoid prison time.
