What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
RecordedFuture.webp 2023-02-22 13:22:19 Russia blames hackers as commercial radio stations broadcast fake air strike warnings (direct link) Fake air raid and missile strike warnings blared from Russian radio stations. Officials blamed the incident on a hack of satellite tech Hack ★★★
knowbe4.webp 2023-02-21 14:00:00 CyberheistNews Vol 13 #08 [Heads Up] Reddit Is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach (direct link) CyberheistNews Vol 13 #08 | February 21st, 2023 [Heads Up] Reddit Is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach There is a lot to learn from Reddit's recent data breach, which was the result of an employee falling for a "sophisticated and highly-targeted" spear phishing attack. I spend a lot of time talking about phishing attacks and the specifics that closely surround that pivotal action taken by the user once they are duped into believing the phishing email was legitimate. However, there are additional details about the attack we can analyze to see what kind of access the attacker was able to garner from this attack. But first, here are the basics: According to Reddit, an attacker set up a website that impersonated the company's intranet gateway, then sent targeted phishing emails to Reddit employees. The site was designed to steal credentials and two-factor authentication tokens. There are only a few details from the breach, but the notification does mention that the threat actor was able to access "some internal docs, code, as well as some internal dashboards and business systems." Since the notice does imply that only a single employee fell victim, we have to make a few assumptions about this attack: The attacker had some knowledge of Reddit's internal workings – The fact that the attacker can spoof an intranet gateway shows they had some familiarity with the gateway's look and feel, and its use by Reddit employees. The targeting of victims was limited to users with specific desired access – Given the knowledge about the intranet, it's reasonable to believe that the attacker(s) targeted users with specific roles within Reddit.
From the use of the term "code," I'm going to assume the target was developers or someone on the product side of Reddit. The attacker may have been an initial access broker – Despite the access gained that Reddit is making out to be not a big deal, they do also mention that no production systems were accessed. This makes me believe that this attack may have been focused on gaining a foothold within Reddit versus penetrating more sensitive systems and data. There are also a few takeaways from this attack that you can learn from: 2FA is an important security measure – Despite the fact that the threat actor collected and (I'm guessing) passed the credentials and 2FA details onto the legitimate Intranet gateway-a classic man-in-the Data Breach Hack Threat Guideline ChatGPT ★★
RecordedFuture.webp 2023-02-21 13:16:28 Irish TV broadcaster says attempted hack will affect programming (direct link) Virgin Media Television, the Irish broadcaster, said on Monday that an attempted hack was going to impact its programming in coming days. The nature of the attack has not been specified, although a spokesperson told The Record it was not a ransomware attack. In a statement the company described identifying “an unauthorized attempt to access [… Ransomware Hack ★★★
no_ico.webp 2023-02-20 18:09:25 RailYatri: 31 Million Users Affected On Indian Ticketing Platform (direct link) Although the RailYatri attack occurred in December 2022, the stolen data was only recently made public on a well-known hacker forum. In addition to exposing personal information, the RailYatri hack revealed the locations of millions of travelers throughout India. A significant data breach at the well-known Indian railway ticketing website RailYatri exposed the private data […] Data Breach Hack ★★
SecurityWeek.webp 2023-02-20 15:17:21 Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks (direct link) Coinbase was recently targeted in a sophisticated phishing attack and the cryptocurrency exchange linked the hack to the 0ktapus group. Hack ★★
BBC.webp 2023-02-20 13:42:17 Spain to extradite British suspect to US over Twitter hack (direct link) Joseph O'Connor faces several charges in connection with the hack of more than 130 Twitter accounts. Hack ★★
SecurityWeek.webp 2023-02-20 10:09:07 GoDaddy Says Recent Hack Part of Multi-Year Campaign (direct link) GoDaddy recently discovered a hacker attack where a sophisticated threat group infected websites and servers with malware. Hack Threat
News.webp 2023-02-18 03:02:00 Malware Arsenal used by Ember Bear (aka UAC-0056, Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) in attacks targeting Ukraine (samples) (direct link) 2023-02-18 Ember Bear (aka UAC-0056, Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) is an Advanced Persistent Threat (APT) group believed to be based in Russia. Their primary targets have been diplomatic and government entities in Europe, particularly Ukraine, and the United States. They have also targeted various industries, including defense, energy, and technology. Download the full collection. Email me if you need the password (see in my profile) (209 MB. 218 samples listed in the hash tables below). The malware arsenal collected here includes: Elephant framework (GrimPlant (Backdoor) and GraphSteel (Stealer)); Graphiron Backdoor; OutSteel (LorecDocStealer); BabaDeda; Cobalt Strike (Beacon); SaintBot Downloader; WhisperGate Wiper. APT Group Description. APT Group aliases: UAC-0056 (UA CERT); Ember Bear (Crowdstrike); Saint Bear (F-Secure); UNC2589 (Fireeye, IBM); Lorec53 (NSFOCUS); TA471 (Proofpoint); Nodaria (Symantec); Nascent Ursa (Palo Alto); LorecBear; Bleeding Bear (Elastic); DEV-0586 (Microsoft). The group is a suspected Russian state-sponsored cyber espionage group that has been active since at least March 2021. The group primarily targets Ukraine and Georgia, but has also targeted Western European and North American foreign ministries, pharmaceutical companies, and financial sector organizations. The group is known for using various malicious implants such as GrimPlant, GraphSteel, and CobaltStrike Beacon, as well as spear phishing attacks with macro-embedded Excel documents. In January 2022, the group performed a destructive wiper attack on multiple Ukrainian government computers and websites, known as WhisperGate. The Lorec53 group is a new type of APT group fi Ransomware Malware Hack Tool Vulnerability Threat Medical ★★
bleepingcomputer.webp 2023-02-17 12:19:21 Norwegian police recover $5.8M crypto from massive Axie Infinity hack (direct link) Norwegian police (Økokrim) have seized 60 million kroner ($5,800,000) worth of cryptocurrency stolen by the North Korean Lazarus hacking group last year from Axie Infinity's Ronin Bridge. [...] Hack APT 38 ★★
News.webp 2023-02-17 05:15:06 Norway finds a way to recover crypto North Korea pinched in Axie heist (direct link) Meanwhile South Korea's Do Kwon is sought for fraud by US authorities Norwegian authorities announced on Thursday that they had recovered $5.9 million of cryptocurrency stolen in the Axie Infinity hack – an incident widely held to have been perpetrated by the Lazarus Group, which has links to North Korea.… Hack Medical APT 38 ★★★
no_ico.webp 2023-02-16 16:40:07 Scandinavian Airlines Hit By Hackers, Anonymous Sudan Takes Credit (direct link) A cyberattack against Scandinavian Airlines was reported, and “Anonymous Sudan” took credit. On Tuesday, a hack against Scandinavian Airlines (SAS) caused its website to go down and revealed some customer information. Customers who sought to log onto the SAS mobile app were directed to another user’s account, where they had access to their contact information […] Hack ★★
bleepingcomputer.webp 2023-02-16 12:41:16 Atlassian says recent data leak stems from third-party vendor hack (direct link) Atlassian has confirmed that a breach at a third-party vendor caused a recent leak of company data and that their network and customer information is secure. [...] Hack ★★★
The_State_of_Security.webp 2023-02-16 08:08:13 Cybercriminal convicted of $90 million SEC earning reports hack (direct link) The owner of a Russian penetration-testing company has been found guilty of being part of an elaborate scheme that netted $90 million after stealing SEC earning reports. For nearly three years, 42-year-old Vladislav Klyushin - the owner of Moscow-based cybersecurity firm M-13 - and his co-conspirators had hacked into two US-based filing agents used by publicly-traded American companies to file earning reports to the Securities and Exchange Commission. As a Department of Justice press release explains, the earning reports contained sensitive corporate information that allowed the hackers to... Hack ★★
bleepingcomputer.webp 2023-02-15 13:11:25 Hyundai, Kia patch bug allowing car thefts with a USB cable (direct link) Automakers Hyundai and KIA are rolling out an emergency software update on several of their car models impacted by an easy hack that makes it possible to steal them. [...] Hack ★★★★
News.webp 2023-02-15 07:29:10 Hyundai and Kia issue software upgrades to thwart killer TikTok car theft hack (direct link) Gone in 60 seconds using a USB-A plug and brute force instead of a key Korean car-makers Hyundai and Kia will issue software updates to some of their models after a method of stealing them circulated on TikTok, leading to many thefts and even some deaths.… Hack Guideline ★★
RecordedFuture.webp 2023-02-14 20:11:49 Binance, Huobi freeze some cryptocurrency stolen in $100 million Harmony hack (direct link) Cryptocurrency exchanges Binance and Huobi froze accounts that contained $1.4 million worth of assets stolen from blockchain company Harmony last June. The platforms were notified about the funds by blockchain research company Elliptic, which managed to trace it through sanctioned cryptocurrency mixer Tornado Cash. U.S. authorities said Tornado Cash was frequently used by hackers connected [… Hack ★★
bleepingcomputer.webp 2023-02-13 14:18:37 Apple fixes new WebKit zero-day exploited to hack iPhones, Macs (direct link) Apple has released emergency security updates to address a new zero-day vulnerability used in attacks to hack iPhones, iPads, and Macs. [...] Hack Vulnerability ★★
no_ico.webp 2023-02-13 10:06:02 Namecheap Email Hacked, Phishing Emails Sent To MetaMask & DHL (direct link) A Sunday night email hack at domain registrar Namecheap resulted in a deluge of DHL and MetaMask phishing emails that sought to steal the recipients’ personal information and bitcoin wallets. The phishing attacks began at 4:30 PM ET and came from SendGrid, a company that Namecheap has previously utilized to send renewal notices and promotional […] Hack ★★
Pirate.webp 2023-02-12 14:34:42 Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap (direct link) Pwnagotchi is an A2C-based "AI" leveraging bettercap that learns from its surrounding WiFi environment to maximize crackable WPA key material it captures Hack ★★★
DarkReading.webp 2023-02-10 21:36:00 Reddit Hack Shows Limits of MFA, Strengths of Security Training (direct link) A tailored spear-phishing attack successfully convinced a Reddit employee to hand over their credentials and their one-time password, but soon after, the same worker notified security. Hack ★★★
TechRepublic.webp 2023-02-10 18:36:31 This beginner-friendly ethical hacker training is 97% off (direct link) The How to Hack from Beginner to Ethical Hacking Certification will teach you how to protect your systems and earn the trust of top clients. Hack ★★
no_ico.webp 2023-02-10 12:37:34 Canadian Bookstore Indigo Shuts Down Website After Cyberattack (direct link) The largest chain of bookstores in Canada, Indigo Books & Music, was the victim of a hack yesterday, forcing the business to restrict online payments to cash and shut down its website for customers. Although the precise nature of the breach is still unknown, Indigo does not rule out the possibility that hackers may have […] Hack ★★★
SecurityWeek.webp 2023-02-10 11:37:22 Documents, Code, Business Systems Accessed in Reddit Hack (direct link) Reddit says its systems were hacked following a sophisticated phishing attack aimed at employees. Hack ★★★
SecurityWeek.webp 2023-02-08 15:00:27 Australian Man Sentenced for Scam Related to Optus Hack (direct link) Australian authorities sentence Sydney man for using leaked data stolen from wireless carrier Optus to conduct SMS scams. Hack ★★★
SecurityWeek.webp 2023-02-08 13:18:38 Siemens License Manager Vulnerabilities Allow ICS Hacking (direct link) The Siemens Automation License Manager is affected by two serious vulnerabilities that could be chained to hack industrial control systems (ICS). Hack Industrial ★★
News.webp 2023-02-08 06:30:14 Suspect in Finnish psychotherapy center blackmail hack arrested (direct link) Suomi sentence expected for shrink records theft French police have arrested a 25-year-old Finnish man accused of hacking a psychotherapy clinic, stealing more than 22,000 patients' therapy notes, demanding ransom payments from them and also leaking this very private info on a Tor website.… Hack ★★★
The_Hackers_News.webp 2023-02-06 17:39:00 Microsoft: Iranian Nation-State Group Sanctioned by U.S. Behind Charlie Hebdo Hack (direct link) An Iranian nation-state group sanctioned by the U.S. government has been attributed to the hack of the French satirical magazine Charlie Hebdo in early January 2023. Microsoft, which disclosed details of the incident, is tracking the activity cluster under its chemical element-themed moniker NEPTUNIUM, which is an Iran-based company known as Emennet Pasargad. In January 2022, the U.S. Federal Hack ★★
globalsecuritymag.webp 2023-02-06 17:27:00 May 12 to 13: Hack Day 2023 Edition (direct link) HackDay is a cybersecurity challenge open to all higher-education students, created in 2022 by the OpenGate Network and Security division (Pôle Réseau et Sécurité OpenGate) of the ESIEESPACE association and the company SIFARIS. - Events Hack ★★★
AlienVault.webp 2023-02-06 11:00:00 The ethics of biometric data use in security (direct link) The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In a world where you can scan the veins in your hand to unlock a smartphone, how do you maintain control over personal data? Biometric authentication, the use of distinctive human features like iris patterns, fingerprints and even gait in lieu of a password, is gaining ground in the tech world. Proponents tout its inherent, hard-to-replicate qualities as a security benefit, while detractors see the same features as an invasion of privacy. Both sides may be right. The problems with biometrics Unlike a password, you can’t forget your face at home. But also, unlike a password, you can’t reset your face — meaning you’re out of luck if someone steals a photo of it. In 2016, a biometrics researcher helped investigators hack into a murder victim’s phone with only a photo of the man’s fingerprint. While security systems are getting more advanced all the time, current technology also allows cybercriminals to run wild with a single piece of biometric data, accessing everything from laptop logins to bank accounts. By its very nature, biometric authentication requires third parties to store biometric data. What happens if the information is exposed? In addition to potential hacking, breaching people’s personal data might reveal something they’d rather keep private. Vein patterns could reveal that a person has a vascular disorder, raising their insurance premiums. Fingerprints could expose a chromosomal disease. True, people give this same information to their doctors, and a medical data breach could have the same repercussions. But handing off biometric data to a commercial company — which isn’t bound by HIPAA or sworn to do no harm — is a much grayer area.
Another issue that occasionally plagues biometric authentication is injuries and natural bodily changes. A single paper cut can derail a fingerprint scanner, and an aging eye throws iris scanners for a loop. People will have to update their photos every few years to remind the system what they look like. Some facial recognition programs can even predict how long a person will live. Insurance companies have expressed interest in getting hold of this data, since the way a person ages says a lot about their health. If stolen biometric data fed into an algorithm predicts a person won’t make it past 50, will their employer pass them up for a promotion? In the event of an accident, your family won’t easily be able to access your accounts if you use biometric authentication, since it’s not as simple as writing down a list of passwords. Maybe that’s a good thing — but maybe not. Another ethical dilemma with biometric data use is identifying people without their consent. Most people are used to being on camera at the grocery store, but if that same camera snaps a photo without permission and stores it for later retrieval, they probably won’t be too happy. Some people point out that you have no right to privacy in a public space, and that’s true — to an extent. But where do you draw the line between publicity and paparazzi? Is it OK to snap a stranger’s photo while you’re talking to them, or is that considered rude and intrusive? The benefits of biometric data Of course, no one would be handing off a photo of their face if the Data Breach Hack Prediction Medical ★★
News.webp 2023-02-05 12:00:11 Have we learnt nothing from SolarWinds supply chain attacks? Not yet it appears (direct link) From frameworks to new federal offices it's time to get busy The hack of SolarWinds' software more than two years ago pushed the threat of software supply chain attacks to the front of security conversations, but is anything being done?.… Hack Threat ★★
no_ico.webp 2023-02-02 10:02:17 City Of London Traders Hit By Russia-Linked Cyberattack (direct link) Following an attack on a firm that is crucial to the British financial system by a ransomware group with Russian ties, trading in the City of London has fallen into disarray. A top official in the US Treasury Department said on Wednesday that the hack on a UK-based software company that disrupted some futures trading […] Ransomware Hack ★★
InfoSecurityMag.webp 2023-02-01 17:00:00 Google Fi Confirms Data Breach, Hints At Link to T-Mobile Hack (direct link) The company uses a combination of T-Mobile and US Cellular for network connectivity Hack ★★
knowbe4.webp 2023-02-01 14:24:06 Artificial Intelligence, ChatGPT and Cybersecurity: A Match Made in Heaven or a Hack Waiting to Happen? (direct link) Artificial Intelligence, ChatGPT and Cybersecurity: A Match Made in Heaven or a Hack Waiting to Happen? Hack ChatGPT ★★
The_Hackers_News.webp 2023-02-01 11:00:00 Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Hack Corporate Email Accounts (direct link) Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network (MPN) accounts that were used for creating malicious OAuth applications as part of a malicious campaign designed to breach organizations' cloud environments and steal email. "The applications created by these fraudulent actors were then used in a consent phishing campaign, which tricked users into granting Hack ★★
globalsecuritymag.webp 2023-02-01 09:13:44 Kevin Bocek - Venafi comments on GitHub's revocation of code signing certificates stolen in repo hack (direct link) GitHub revokes code signing certificates stolen in repo hack. Comments from Kevin Bocek - Venafi - Opinion Hack
The_Hackers_News.webp 2023-01-30 15:00:00 Realtek Vulnerability Under Attack: 134 Million Attempts in 2 Months to Hack IoT Devices (direct link) Researchers are warning about a spike in exploitation attempts weaponizing a critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as of December 2022, with 97% of the attacks occurring in the past four months. Close to 50% of the attacks Hack Vulnerability ★★★
bleepingcomputer.webp 2023-01-30 13:27:03 GitHub revokes code signing certificates stolen in repo hack (direct link) GitHub says that unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories. [...] Hack ★★
no_ico.webp 2023-01-30 12:34:09 Breaking: JD Sports Data Breach Following Cyberattack (direct link) JD Sports has issued a warning that a cyberattack that affected the company may have exposed the personal information of roughly 10 million customers, including personal contact information, such as phone and email addresses. The hack may have affected customers who ordered goods from the business between 2018 and 2020. The company claimed that credit […] Data Breach Hack ★★
RecordedFuture.webp 2023-01-28 11:28:51 Could hackers change the daily Wordle? Researchers are torn (direct link) Researchers are split on whether someone could hack into the New York Times' massively popular game Wordle and change the daily word users are forced to figure out. In a blog post last month, Noname Security's David Thomason said the entire list of daily Wordles for the next few months could be discovered by [… Hack ★★★
no_ico.webp 2023-01-27 18:42:03 (Déjà vu) Bitwarden Password Vaults Subject Of Google Ads Phishing (direct link) Google Adwords phishing campaigns steal Bitwarden and other password managers’ vault passwords. As enterprises and consumers use unique passwords at every site, password managers must keep track of them. Unless you use KeePass, most password managers are cloud-based, allowing users to access their credentials via websites and mobile apps. “Password vaults” on the cloud encrypt […] Hack ★★★
DarkReading.webp 2023-01-27 15:49:00 How Noob Website Hackers Can Become Persistent Threats (direct link) An academic analysis of website defacement behavior by 241 new hackers shows there are four clear trajectories they can take in future, researchers say. Hack ★★★
bleepingcomputer.webp 2023-01-26 16:40:34 Bitwarden password vaults targeted in Google ads phishing attack (direct link) Bitwarden and other password managers are being targeted in Google ads phishing campaigns to steal users' password vault credentials. [...] Hack ★★★
01net.webp 2023-01-26 09:30:21 Crypto: the FBI has unmasked the culprit behind one of the biggest hacks of 2022 (direct link) The FBI has just confirmed the identity of the hackers behind the hack of the Harmony blockchain. By cooperating with platforms such as Binance, the authorities traced the theft back to a group of hackers that has mastered the theft of cryptocurrencies… Hack ★★
DarkReading.webp 2023-01-25 21:43:00 Zacks Investment Research Hack Exposes Data for 820K Customers (direct link) Zacks Elite sign-ups for the period 1999–2005 were accessed, including name, address, email address, phone number, and the password associated with Zacks.com. Hack
bleepingcomputer.webp 2023-01-25 14:34:52 Hackers auction alleged source code for League of Legends (direct link) Threat actors are auctioning the alleged source code for Riot Games' League of Legends and the Packman anti-cheat software, confirmed to be stolen in a recent hack of the game company's developer environment. [...] Hack Threat ★★
RecordedFuture.webp 2023-01-25 13:54:59 Hilton denies hack after data from 3.7 million Honors customer offered for sale (direct link) Hotel giant Hilton denied that it has been hacked after cybercriminals claimed to have breached the company's systems and stolen data related to 3.7 million customers. On Monday, hackers said they stole a database from 2017 consisting of information from customers enrolled in the Hilton Hotel Honors program. The information in the database includes names, [… Hack ★★★★
SecurityWeek.webp 2023-01-25 12:00:00 Password Dependency: How to Break the Cycle (direct link) Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That's why it's so critical to break the password dependency cycle. But how can this be done? Hack
InfoSecurityMag.webp 2023-01-25 10:00:00 New Cheats May Emerge After Riot Games Hack (direct link) Ransomware actors stole source code, company reveals Ransomware Hack ★★★
The_Hackers_News.webp 2023-01-24 17:28:00 FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft (direct link) The U.S. Federal Bureau of Investigation (FBI) on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in June 2022. The law enforcement agency attributed the hack to the Lazarus Group and APT38, the latter of which is a North Korean state-sponsored threat group that specializes in financial cyber Hack Threat Medical APT 38 ★★
InfoSecurityMag.webp 2023-01-24 17:00:00 FBI Confirms Lazarus Group Was Behind $100m Harmony Hack (direct link) The North Korean cyber actors laundered over $60m worth of Ethereum stolen during the heist Hack APT 38 ★★★
Last update at: 2024-05-09 21:08:19