The Department of the Treasury's Office of Foreign Assets Control (OFAC) announced that it is sanctioning Yin Kecheng, a cyber actor based in Shanghai, who was involved in the recent breach that compromised the Department of the Treasury's network. OFAC is also sanctioning Sichuan Juxinhe Network Technology, a cybersecurity company based in Sichuan involved with Salt Typhoon, a Chinese state-backed cybercriminal group that has compromised major US telecommunications companies and ISPs.
Dated configuration data and virtual private network (VPN) credentials for 15,474 Fortinet devices have been posted for free to the Dark Web. On Jan. 14, Fortinet disclosed a severe authentication bypass vulnerability in its FortiOS operating system and FortiProxy Web gateway, CVE-2024-55591. For a model of what the aftermath of such a vulnerability could look like, one need only look to a parallel bug from October 2022 that's still making waves today.
HPE has launched an investigation after a well-known hacker announced the sale of information allegedly stolen from the tech giant's systems. The notorious hacker IntelBroker announced on January 16 on a cybercrime forum that he is selling files obtained from HPE systems. The compromised data allegedly includes source code for products such as Zerto and iLO, private GitHub repositories, digital certificates, Docker builds, and even some personal information.
Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon S3 cloud storage to steal millions of guests' personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt. The breach allegedly first occurred in July 2024, with continued access through October, and the threat actors claim to have stolen almost eight terabytes of data from Otelier's Amazon AWS S3 buckets.
Now that the US Supreme Court has upheld a ban on the wildly popular video social media platform we know as TikTok, its most influential users have decided to retaliate by moving their game over to REDnote, a competing Chinese social media company, thus creating an entirely new, and arguably worse, situation for the nation's cybersecurity. The move to the alternate platform is emerging as a pop culture phenomenon.
Sage Group plc has confirmed it temporarily suspended its Sage Copilot, an AI assistant for the UK-based business software maker's accounting tools, this month after it blurted customer information to other users. A source familiar with the developer told The Register late last week: "A customer found when they asked [Sage Copilot] to show a list of recent invoices, the AI pulled data from other customer accounts including their own."
Kaspersky has disclosed the details of over a dozen vulnerabilities discovered in a Mercedes-Benz infotainment system, but the carmaker has assured customers that the security holes have been patched and they are not easy to exploit. Kaspersky's research of the Mercedes-Benz head unit, called Mercedes-Benz User Experience (MBUX), built on previous research conducted by a Chinese team that disclosed its findings in 2021.
OpenAI's ChatGPT crawler appears to be willing to initiate distributed denial of service (DDoS) attacks on arbitrary websites, a reported vulnerability the tech giant has yet to acknowledge. In a write-up shared this month via Microsoft's GitHub, Benjamin Flesch, a security researcher in Germany, explains how a single HTTP request to the ChatGPT API can be used to flood a targeted website with network requests from the ChatGPT crawler, specifically ChatGPT-User.