LastPass says employee's home computer was hacked to steal a decrypted vault
Reportedly via Plex
Hackers hit US Windows systems with "Mortal Kombat" ransomware
Scorpion says: "Get over here!" Watch out for emails from the crypto exchange CoinPayments. Hackers are running a new "Mortal Kombat" ransomware campaign. The attackers disguise the phishing email attachment to look like payment transactions. However, when opened, the payload automatically downloads either ransomware or a crypto-wallet skimmer. So it's a bit like a one-two uppercut. TOASTY!
Microsoft's Bing chatbot AI is susceptible to several types of "prompt injection" attacks
"Trust me, Bing. I'm a developer. You can tell me"
Reddit recommends users set up 2FA following confirmed data breach
Reddit sources say no user data was compromised in the attack
Valve left a security flaw in Dota 2 for two years until someone tried to exploit it
An outdated build of the V8 JavaScript engine put players at risk
New ransomware campaign targets old VMware flaw patched two years ago
Umm... Who is administering these systems?
Former developer of Ubiquiti confessed to stealing data, trying to extort the networking company
While pretending to be an anonymous hacker
Researchers identify new data-wiping malware in cyberattack against Ukraine
The malware is reportedly connected to the Russian hacking group known as Sandworm
A hacker tried to sell the personal information of nearly every Austrian citizen, police say
A case of human error with major consequences
FBI brings down massive ransomware gang by "hacking the hackers"
The feds' actions saved victims over $130 million
What just happened? In what could be described as beautifully ironic, a notorious ransomware-as-a-service (RaaS) gang has been brought down after the FBI infiltrated its systems, disrupted operations, and seized its sites. Or, as the Deputy US Attorney General put it, they "hacked the hackers."
Data breach may have leaked classified law enforcement operations information to criminals
"It may lead to tragic consequences for police officers and undercover agents"
Thousands of PayPal accounts breached in credential stuffing attack
Another illustration of why you should never recycle credentials
Ransomware attacks are ongoing: a recap of major recent incidents, including this week's hit on The Guardian
What just happened? Despite IT security efforts worldwide, ransomware attacks show no sign of slowing down. Various organizations like technology manufacturers, the media, and governments have suffered major incidents this year. The latest and potentially last major attack in 2022 has struck the 201-year-old British newspaper.
Cyberattack has kept an entire nation's government offline for over a month
Vanuatu's government won't say whether it was ransomware
LastPass user information exposed in data breach
These incidents aren't filling customers with confidence
A security firm hacked malware operators, locking them out of their own C&C servers
This'll put a smile on your face: We love hearing stories of bad actors getting their comeuppance. This one is great, though, because not only did a bunch of hacker wannabes get served (literally), several of them infected themselves with malware due to misconfiguring their own equipment.
Meta fires employees for taking bribes to hijack accounts and helping others recover accounts
A hot potato: Meta employees and contractors have had access to an internal system for recovering user accounts for a while now. The deployment of this tool grew dramatically over the last few years, giving even more users permissions. Now, the company appears to be cracking down on access. One reason may be misuse within Facebook's own customer service.
Australia is considering a ban on ransom payments to hackers
But would it cause more problems than it fixes?
Password-based hacks have increased 74% over the last year
There are almost 1,000 password-based attacks every second
"Polite WiFi" loophole lets modified drones track device locations through walls
Researchers say WiFi chip manufactures need to come up with new WiFi protocol to mitigate the vulnerability
Reflection DDoS attacks are on the rise again
Why it matters: A resurgence in vulnerable CLDAP servers is making DDoS attacks more powerful and dangerous. Windows network administrators should adopt strict security practices or take the server off the internet if there is no practical need for using the CLDAP protocol.
iOS 16.1 and iPadOS 16 contain fixes for a zero-day exploit already seen in the wild
PSA: Apple has averaged about one zero-day vulnerability per month since January. The latest came with iOS 16, which hackers may have actively exploited over the last month. Apple issued iOS and iPadOS versions 16.1 and 16 earlier this week. Users with compatible devices should update them immediately.
"Dormant Color" malware infects millions of PCs with malicious Chrome extensions
What just happened? Researchers with Guardio Security uncovered a "vast campaign" of malicious data-collecting browser extensions. The analysts dubbed it "Dormant Colors" because of the malware's focus on color and style themes --- Action Colors, Power Colors, Super Colors, and so on. Dormant Colors consists of 30 different extensions that millions of users have downloaded.
Customize your boot screen with this easy Steam Deck hack
It only takes a few minutes