When visiting The Internet Archive (www.archive.org) on Wednesday afternoon, The Verge was greeted with a pop-up claiming the site had been hacked. Just after 9PM ET, Internet Archive founder Brewster Kahle confirmed the breach and said the website had been defaced with the notification via a JavaScript library. Here's what the pop-up said: "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach?" READ MORE...
The Florida business behind data brokerage National Public Data has filed for bankruptcy, admitting "hundreds of millions" of people were potentially affected in one of the largest information leaks of the year. In June, the hacking group USDoD put a 277.1 GB file of data online that contained information on about 2.9 billion individuals, and asked $3.5 million for it. The data came from National Public Data, which offered background checks to corporate clients via its API. READ MORE...
Over 237,000 Comcast customers have had their sensitive personal information compromised following a ransomware attack against a third-party company. Financial Business and Consumer Solutions (FBCS), a debt collection agency previously used by Comcast, was the subject of a ransomware attack in February 2024 that exposed a database of names, addresses, Social Security numbers, dates of birth, and Comcast account details. READ MORE...
The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later. Prosecutors say the couple was beaten and briefly kidnapped as part of a botched plan to hold the parents for ransom. Approximately one week earlier, a group of cybercriminals executed a sophisticated phone-based social engineering attack in which they stole $243 million worth of cryptocurrency from a victim in Washington, D.C. READ MORE...
It's patch time for Firefox fans as Mozilla issues a security advisory for a critical code execution vulnerability in the browser. Mozilla said CVE-2024-9680 is a use-after-free issue in Animation timelines - the pane within the Firefox browser's Page Inspector that depicts how a given element's animation progresses. The most alarming aspect of the advisory, however, was Mozilla revealing that the vulnerability is being exploited in the wild already. READ MORE...
Trusted and widely used software development and collaboration platforms like GitHub and GitLab have become both targets of and vehicles for a growing range of malicious activity. The latest manifestations of that trend include a malware distribution campaign involving legitimate GitHub repositories and the availability this week of an exploit for a vulnerability that allows an attacker to gain access as any user of GitLab. READ MORE...
Today, CISA revealed that attackers are actively exploiting a critical FortiOS remote code execution (RCE) vulnerability in the wild. The flaw (CVE-2024-23113) is caused by the fgfmd daemon accepting an externally controlled format string as an argument, which can let unauthenticated threat actors execute commands or arbitrary code on unpatched devices in low-complexity attacks that don't require user interaction. READ MORE...