SC Magazine
Scammers offer cash to phone carrier staff to swap SIM cards
T-Mobile and Verizon workers report receiving text messages offering them up to $300 for each illegal SIM swap they complete.
SC Magazine
Review board slams Microsoft’s lax security practices and culture
A “cascade of security failures” allowed China’s top cyberespionage operatives to steal high-level U.S. government emails last year.
DarkReading
Suspected MFA Bombing Attacks Target Apple iPhone Users
Several Apple device users have experienced recent incidents where they have received incessant password reset prompts and vishing calls from a number spoofing Apple's legitimate customer support line.
Ars Technica
“MFA Fatigue” attack targets iPhone owners with endless password reset prompts
Rapid-fire prompts sometimes followed with spoofed calls from "Apple support."
SecurityWeek
Code Execution Flaws Haunt NVIDIA ChatRTX for Windows
Artificial intelligence computing giant NVIDIA patches two security bugs in ChatRTX for Windows, warning of risk of code execution attacks.
CyberNews
Apple users face barrage of MFA bombing attacks
Apple users are being targeted by MFA bombing attacks, also known as push notification spam. Bad actors might be exploiting a bug in Apple’s password reset feature.
Krebs on Security
Recent ‘MFA Bombing’ Attacks Targeting Apple Users
Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that…
The Hacker News
4 Ways Hackers use Social Engineering to Bypass MFA
Understand how hackers exploit social engineering to circumvent MFA and fortify your cybersecurity defenses accordingly.
HACKRead
Cloudflare Hacked After State Actor Leverages Okta Breach
The aftermath of the 2023 Okta breach continues to unfold, with Cloudflare disclosing the details of its security compromise.
CyberSecurity Dive
Okta to cut 7% of workforce as push to revamp security is underway
The layoffs come during the company's 90-day overhaul to address lax security following a string of cyberattacks targeting Okta and its customers.
DarkReading
Syrian Threat Group Peddles Destructive SilverRAT
The Middle Eastern developers claim to be building a new version of the antivirus-bypassing remote access Trojan (RAT) attack tool.
The Cyber Express
Decoding Hackers in 2023: The Year’s Most Disruptive Cybercriminals and Cybercrime Syndicates
The year 2023 witnessed a surge in high-profile cyberattacks, leaving organizations shattered and the world in chaos. This digital turmoil
HACKRead
Ubisoft Hackers Scrambled for 900GB of Data Before Foiled
Ubisoft Entertainment SA, a French video game publisher, has confirmed an attempt to breach the company’s security to steal personal and sensitive data from its infrastructure.
Bleeping Computer
GTA 5 source code reportedly leaked online a year after RockStar hack
The source code for Grand Theft Auto 5 was reportedly leaked on Christmas Eve, a little over a year after the Lapsus$ threat actors hacked Rockstar games and stole corporate data.
Security Affairs
Security Affairs newsletter Round 451 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
Video game giant Ubisoft investigates reports of a data breach
Video game publisher Ubisoft is investigating reports of an alleged data breach after popular researchers shared evidence of the hack.
The Hacker News
British LAPSUS$ Teen Members Sentenced for High-Profile Attacks
Two British teens, part of the LAPSUS$ cybercrime gang, sentenced for orchestrating high-profile attacks against companies.
The Cyber Express
Top 20 Cyberattacks in Recent Past: Key Lessons for Companies in 2024
As the year nears its end, the cybersecurity sector offers profound lessons through incidents like data breaches, leaks, and cyberattacks,
HACKRead
GTA 6 Hacker from Lapsus$ Gang Sentenced to Hospital
Arion Kurtaj, a 17-year-old from the United Kingdom, faced accusations of being part of the Lapsus$ gang, hacking industry giants, including Uber, Rockstar Games, Nvidia, BT, Samsung, and others.
SecurityWeek
UK Teen Gets Indefinite Hospital Order For 'Grand Theft Auto' Hack
A British teenage hacker has been sentenced to an indefinite hospital stay to be treated for his inability to control himself online.
Security Affairs
Member of Lapsus$ gang sentenced to indefinite hospital order
A member of the Lapsus$ cyber extortion group, Arion Kurtaj, has been sentenced to an indefinite hospital order.
The Cyber Express
Teen GTA 6 Hacker Sentenced to Life in Hospital Prison
The 18-year-old GTA 6 hacker, Arion Kurtaj, has been sentenced to life in a hospital prison for his role in
The Record
Autistic teen behind spate of Lapsus$ hacks sentenced to indefinite hospital stay
A U.K. jury found that Arion Kurtaj, 18, had committed crimes attributed to Lapsus$. Psychiatrists had deemed him unfit to fully stand trial.
The Record
Kazakhstan to extradite Russian cyber expert to Moscow despite US requests
Nikita Kislitsin will face hacking and extortion charges in his home country, according to Moscow’s Prosecutor General’s Office.
Bleeping Computer
Lapsus$ hacker behind GTA 6 leak gets indefinite hospital sentence
Lapsus$ cybercrime and extortion group member, Arion Kurtaj has been sentenced to life in a 'secure hospital' by a UK judge. Kurtaj who is 18 years of age and autistic is among the primary Lapsus$ threat actors, and was involved in the leak of assets associated with the video game, Grand Theft Auto VI.
The Record
FCC reminds mobile phone carriers they must do more to prevent SIM swaps
The FCC warning comes on the heels of a Cyber Safety Review Board report about the Lapsus$ cybercrime group.
The Cyber Express
Master the Defenses: 8 Cybersecurity Best Practices for 2024
The ever-accelerating pace of technological advancement shapes our world, forging a double-edged digital landscape. On one hand, it fuels innovation
SecurityWeek
Okta Broadens Scope of Data Breach: All Customer Support Users Affected
Okta expands scope of October breach, saying hackers stole names and email addresses of all its customer support system users.
Bleeping Computer
Okta: October data breach affects all customer support system users
Okta's investigation into the breach of its Help Center environment last month revealed that the hackers obtained data belonging to all customer support system users.
Ars Technica
The FCC says new rules will curb SIM swapping. I’m pessimistic
SIM swaps and port-out scams are a fact of life. New rules aren't likely to change that.
SecurityWeek
FCC Tightens Telco Rules to Combat SIM-Swapping
With cyberattacks rising, new FCC rules will require wireless carriers to notify customers of any SIM transfer requests
The Hacker News
FCC Enforces Stronger Rules to Protect Customers Against SIM Swapping Attacks
FCC mandates that wireless providers authenticate customers before transferring phone numbers, thereby protecting against SIM-swapping attacks and por
The Hacker News
U.S. Cybersecurity Agencies Warn of Scattered Spider's Gen Z Cybercrime Ecosystem
U.S. agencies warn about Scattered Spider cybercriminals using advanced phishing to steal data and extort victims.
The Record
CISA, FBI warn of Scattered Spider expertise with social engineering, SIM swapping
The leading cybersecurity officials in the U.S. published a stark warning on Thursday about a group of hackers who have disrupted some of the largest companies in the country through social engineering and other tactics.
Security Affairs
Samsung suffered a new data breach
Samsung Electronics disclosed a data breach that exposed customer personal information to an unauthorized individual.
CyberNews
Samsung notifies UK store customers of data breach
Samsung Electronics, a South Korean multinational tech corporation, has notified some of its customers of a data breach that exposed their personal data to a hacker.
Bleeping Computer
New Samsung data breach impacts UK store customers
Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual.
Bleeping Computer
Samsung hit by new data breach impacting UK store customers
Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual.
Infosecurity News
Okta Breach Hit Over 130 Customers
Several suffered follow-on session hijacking attacks
Bleeping Computer
Okta breach: 134 customers exposed in October support system hack
Okta says attackers who breached its customer support system last month gained access to files belonging to 134 customers, five of them later being targeted in session hijacking attacks with the help of stolen session tokens.
SecurityWeek
After Major Cloud Hacks, Microsoft Unveils ‘Secure Future Initiative’
Redmond's new security initiative promises faster patches, better management of signing keys and products with a higher default security bar.
Bleeping Computer
Okta data breach exposed personal information of employees
Okta is warning nearly 5,000 current and former employees that their personal information was exposed after a third-party vendor was breached.
Bleeping Computer
Okta hit by third-party data breach exposing employee information
Okta is warning nearly 5,000 current and former employees that their personal information was exposed after a third-party vendor was breached.
Infosecurity News
Okta Reveals Breach Via Stolen Credential
Threat actor accessed case management system
Ars Technica
Okta says hackers breached its support system and viewed customer files
Hackers obtained valid credentials, but Okta doesn't say how.
SecurityWeek
Okta Support System Hacked, Sensitive Customer Data Stolen
Okta warns that hackers broke into its support case management system and stole sensitive data that can be used to impersonate valid users.
Bleeping Computer
Okta says its support system was breached using stolen credentials
Okta says attackers accessed files containing cookies and session tokens uploaded by customers to its support management system after breaching it using stolen credentials.
Krebs on Security
Hackers Stole Access Tokens from Okta’s Support Unit
Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a "very…
The Record
Microsoft: Human-operated ransomware attacks tripled over past year
Human-operated attacks typically involve the active abuse of remote monitoring and management tools. Microsoft said its data could point to a shift in how the cybercrime underground works.
The Record
T-Mobile denies rumors of a breach affecting employee data
T-Mobile attributed a leak, which didn't affect company data, to an April attack on an independent retailer.
Bleeping Computer
T-Mobile app glitch let users see other people's account info
T-Mobile customers today were able to see other people's account and billing information after logging into the company's official mobile application.
CyberSecurity Dive
MGM, Caesars attacks raise new concerns about social engineering tactics
Multiple threat groups have employed the same criminal tool kit to target vulnerable systems.
The Hacker News
Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks
UNC3944 threat actor now turns to ransomware attacks, targeting critical systems. Understand their tactics, and learn how to protect your organization
Bleeping Computer
MGM Resorts ESXi servers allegedly encrypted in ransomware attack
An affiliate of the BlackCat ransomware group, also known as APLHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems.
Bleeping Computer
MGM casino's ESXi servers allegedly encrypted in ransomware attack
An affiliate of the BlackCat ransomware group, also known as APLHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems.
SecurityWeek
Caesars Confirms Ransomware Hack, Stolen Loyalty Program Database
The hijacked data includes driver’s license numbers and/or social security numbers from a Caesars Entertainment loyalty database.
SecurityWeek
Okta Says US Customers Targeted in Sophisticated Attacks
Okta says US-based customers have been targeted in social engineering attacks whose goal was to disable MFA and obtain high privileges.
The Hacker News
Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus
Hackers are now using a sneaky "MalDoc in PDF" technique to hide malicious Word files within PDFs.
The Record
How did Clop get its hands on the MOVEit zero day?
Dustin Childs, the head of threat awareness for the Zero Day Initiative, explains to the Click Here podcast team how zero-day vulnerabilities make it into the hands of cybercriminals.
The Hacker News
Two LAPSUS$ Hackers Convicted in London Court for High-Profile Tech Firm Hacks
Remember the hacks on Uber, Revolut, & Rockstar Games? Two UK teenagers, part of the infamous LAPSUS$ gang, convicted for high-profile hacks.
CSO
UK court finds teenagers guilty of carrying out LAPSUS$ hacking spree
The two, including a 17-year-old, were convicted for their part in attacks on Uber, Nvidia, and other companies.
Latest Hacking News
Lapsus$ Teen Hackers Convicted: Unraveling the Grand Theft Auto 6 Leak and High-Profile Cyberattacks
In recent times, the world of cybersecurity has been rocked by a series of audacious cyberattacks. At the heart of these attacks is the notorious Lapsus$ teen hackers group, primarily composed of teenagers. Their high-profile
SecurityWeek
UK Court Concludes Teenager Behind Huge Hacking Campaign
A UK court found a teenager responsible for a hacking campaign that included one of the biggest breaches in the history of the game industry.
Infosecurity News
Teens Found Responsible For Lapsus$ Cyber-Attacks
Arion Kurtaj was deemed not fit to stand trial
Security Affairs
Lapsus$ member has been convicted of having hacked multiple high-profile companies
An 18-year-old member of the Lapsus$ gang has been convicted of having helped hack multiple high-profile companies. A teenage member of the Lapsus$ data extortion group, Arion Kurtaj (18), was convicted by a London jury of having hacked multiple high-profile companies, including Uber, Revolut, and blackmailed the developers of the gaming firm Rockstar Games. Since September […]
Bleeping Computer
Lapsus$ teen hackers convicted of high-profile cyberattacks
A London jury has found that an 18-year-old member of the Lapsus$ data extortion gang helped hack multiple high-profile companies, stole data from them, and demanded a ransom threatening to leak the information.
DataBreaches
Lapsus$: court finds teenagers carried out hacking spree
Joe Tidy reports: A court has found an 18-year-old from Oxford was a part of an international cyber-crime gang responsible for a hacking spree against major...
The Record
British court convicts two teen Lapsus$ members of hacking tech firms
Two teenagers, ages 18 and 17, were found guilty of hacking into major corporations. The cases involved Uber, Nvidia and more.
SecurityWeek
US Cyber Safety Board to Review Cloud Attacks
US government's CSRB will conduct a review of cloud security to provide recommendations on improving identity management and authentication.
Security Affairs
The DHS’s CSRB to review cloud security practices following the hack of Microsoft Exchange govt email accounts
The DHS’s CSRB will review cloud security practices following recent hacks of Microsoft Exchange accounts used by US govt agencies. The US DHS announced that the Cyber Safety Review Board (CSRB) will review the security measure to protect cloud computing environments following the recent compromise of Microsoft Exchange accounts used by US govt agencies. “The […]
Bleeping Computer
US cyber safety board to analyze Microsoft Exchange hack of govt emails
The Department of Homeland Security's Cyber Safety Review Board (CSRB) has announced plans to conduct an in-depth review of cloud security practices following recent Chinese hacks of Microsoft Exchange accounts used by US government agencies.
Infosecurity News
Lapsus$ Hacker Group Exposed in Latest CSRB Report
The CSRB proposed ten concrete recommendations for both governmental bodies and industries
Infosecurity News
DHS to Review Microsoft’s Security in Chinese Email Hack
The review will also conduct a broader review of issues relating to cloud-based identity and authentication infrastructure
CyberScoop
Cyber Safety Review Board to analyze cloud security in wake of Microsoft hack
The decision comes in the wake of a high-profile Chinese breach of U.S. officials' Microsoft email accounts.
DataBreaches
CISA: Review Of The Attacks Associated with Lapsus$ And Related Threat Groups Report
Executive Summary Beginning in late 2021 and continuing late into 2022, a globally active, extortion-focused cyber threat actor group attacked dozens of...
Bleeping Computer
Lapsus$ hackers took SIM-swapping attacks to the next level
The U.S. government released a report after analyzing simple techniques, e.g. SIM swapping, used by the Lapsus$ extortion group to breach dozens of organizations with a strong security posture.
Ars Technica
How fame-seeking teenagers hacked some of the world’s biggest targets
With no skill in software exploitation or encryption busting, Lapsus$ wins anyway.
The Record
Microsoft Exchange hack is focus of cyber board’s next review
The China-linked attack on Microsoft email services will get a full review by the Cyber Safety Review Board, the Department of Homeland Security announced.
The Record
US should crack down on SIM swapping following Lapsus$ attacks: DHS review
In its latest report, the Cyber Safety Review Board called on the FCC and FTC to strengthen their oversight and enforcement activities around SIM swapping.
The Record
Senator calls on DOJ to investigate alleged China hack of Microsoft cloud tools
A leading U.S. senator asked the Justice Department and several other agencies to investigate a recent hack of Microsoft-provided email accounts used by top government officials.
DataBreaches
Two Teens Accused of Masterminding Hacks on Grand Theft Auto and Uber
Katharine Gemmell reports: Two UK teenagers were accused of being key members of the notorious hacking group Lapsus$, with prosecutors alleging that the pair...
The Record
British prosecutors say teen Lapsus$ member was behind hacks on Uber, Rockstar
A British Crown Court on Tuesday lifted a reporting restriction, allowing the naming of teenager Arion Kurtaj who is accused of hacking Uber, Revolut, and video games developer Rockstar in a short period of time last September.
DarkReading
Most Enterprise SIEMs Blind to MITRE ATT&CK Tactics
Organizations are largely deluded about their own security postures, according to an analysis, with the average SIEM failing to detect a whopping 76% of attacker TTPs.
Bleeping Computer
Microsoft enforces number matching to fight MFA fatigue attacks
Microsoft has started enforcing number matching in Microsoft Authenticator push notifications to fend off multi-factor authentication (MFA) fatigue attacks.
Ars Technica
T-Mobile discloses 2nd data breach of 2023, this one leaking account PINs and more
Hack affecting 836 subscribers, lasted for more than a month before it was discovered.
Bleeping Computer
T-Mobile discloses second data breach since the start of 2023
T-Mobile disclosed the second data breach of 2023 after discovering that attackers had access to the personal information of hundreds of customers for more than a month, starting late February 2023.
CyberSecurity Dive
Teenagers, young adults pose prevalent cyberthreat to US, Mandiant says
The brains behind high-profile attacks last year, teenagers and young adults use sophisticated social engineering techniques for intrusions.
The Hacker News
Are Source Code Leaks the New Threat Software vendors Should Care About?
Twitter source code leaked on GitHub for months by user "FreeSpeechEnthusiast". Is your company prepared for a similar breach?
Infosecurity News
Prolific Spanish Teen Hacking Suspect Arrested
Jose Luis Huertas boasted of accessing 90% of Spaniards' info
DarkReading
FBI Seizes Genesis Cybercriminal Marketplace in 'Operation Cookie Monster'
The homepage of a widely used Dark Web forum for stolen cookies and other compromised data has been replaced by a seizure notice by the US federal law enforcement agency.
DarkReading
CardinalOps Launches MITRE ATT&CK Security Layers for Measuring Detection Posture
Enables enterprises to operationalize MITRE ATT&CK and build a multi-layered, threat-informed defense to eliminate gaps based on organizational risk and priorities.
DarkReading
Twitter's Source Code Leak on GitHub a Potential Cyber Nightmare
Indicators point to Twitter's source code being publicly available for around 3 months, offering a developer security object lesson for businesses.
DarkReading
Okta Post-Exploitation Method Exposes User Passwords
Accidentally typing a password in the username field of the platform saves them to audit logs, to which threat actors can gain access and use to compromise enterprise services.
CSO
Stolen credentials increasingly empower the cybercrime underground
New research shows that criminal gangs are focusing more on acquiring stolen credentials to bypass security measures.
The Hacker News
Does Your Help Desk Know Who's Calling?
Hackers are getting smarter, and vishing attacks are becoming more convincing. Don't let your company be the next victim.
CyberSecurity Dive
Okta CEO blames overhiring, ‘execution challenges’ for layoffs
A series of security incidents hit the identity and access management platform last year. But financial results are improving and the customer base is growing.
Bleeping Computer
Riot Games receives ransom demand from hackers, refuses to pay
Riot Games says it will not pay the ransom demanded by the attackers responsible for the security breach the company disclosed last week.
DarkReading
Hunting Insider Threats on the Dark Web
Use threat intelligence to reduce chance of success for malicious insider and Dark Web threats.
Infosecurity News
Riot Games Halts Work After Cyber-Attack
Compromise impacts developer's ability to release updates
CSO
T-Mobile suffers 8th data breach in less than 5 years
Customer data such as customer name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features were exposed in the breach.
Loading more articles....