Federal authorities have charged two Sudanese nationals with running an operation that performed tens of thousands of distributed denial of service (DDoS) attacks against some of the world's biggest technology companies, as well as critical infrastructure and government agencies. The service, branded as Anonymous Sudan, directed powerful and sustained DDoSes against Big Tech companies, including Microsoft, OpenAI, Riot Games, PayPal, Steam, Hulu, Netflix, Reddit, GitHub, and Cloudflare. READ MORE...
The 8Base ransomware crew claims to have stolen a huge data dump of Volkswagen files and is threatening to publish them, but the German car giant appears to be unconcerned. The extortionists, who first came to light in 2022, posted a warning on their dark web page claiming to have detailed files stolen from Volkswagen, amongst others. The group says it has stolen "a huge amount of confidential information." READ MORE...
Iranian hackers are aggressively trying to crack passwords in the health care, government, information technology, energy and engineering sectors, an advisory from U.S., Canadian and Australian cyber agencies said Wednesday. The "brute force" attacks - which take a variety of forms - date to October of last year, according to the FBI, the Cybersecurity and Infrastructure Security Agency, the National Security Agency, the Communications Security Establishment Canada, with other agencies. READ MORE...
Brazilian police are being cagey with the details about the arrest of a person suspected to be responsible for various high-profile data thefts. The policia federal, aka the "PF," seized the suspect on Wednesday, noting they were being held in connection to online assaults on the FBI's InfraGard, Airbus, the US Environmental Protection Agency (EPA), and the PF itself. The arrested individual wasn't named, although people didn't have to pull a muscle to make the connection to USDoD. READ MORE...
F5 on Wednesday published its October 2024 quarterly security notification, describing two vulnerabilities addressed in BIG-IP and BIG-IQ enterprise products. Updates released for BIG-IP address a high-severity security defect tracked as CVE-2024-45844. Affecting the appliance's monitor functionality, the bug could allow authenticated attackers to elevate their privileges and make configuration changes. READ MORE...
Cisco on Wednesday announced patches for eight vulnerabilities in the firmware of ATA 190 series analog telephone adapters, including two high-severity flaws leading to configuration changes and cross-site request forgery (CSRF) attacks. Impacting the web-based management interface of the firmware and tracked as CVE-2024-20458, the first bug exists because specific HTTP endpoints lack authentication. READ MORE...
In the beginning, North Korean hackers compromised the banking infrastructure running AIX, IBM's proprietary version of Unix. Next, they hacked infrastructure running Windows. Now, the state-backed bank robbers have expanded their repertoire to include Linux. The malware, tracked under the name FASTCash, is a remote access tool that gets installed on payment switches inside compromised networks that handle payment card transactions. READ MORE...
Mozilla has announced a security fix for its Firefox browser which also impacts the closely related Tor Browser. The new version fixes one critical security vulnerability which is reportedly under active exploitation. To address the flaw, both Mozilla and Tor recommend that users update their browsers to the most current versions available. Firefox users that have automatic updates enabled should have the new version available as soon or shortly after they open the browser. READ MORE...
Many countries and regions across the world have been moving quickly on electric cars in recent years. Around 14 million new cars were registered in 2023 alone, a 35% annual increase which brings the worldwide total to over 40 million. But with new technology comes new threats. Ever alert to fresh money-making opportunities, criminal groups are blending physical and virtual-world threats to steal drivers' payment details. READ MORE...
Researchers at China's Shanghai University have demonstrated how quantum mechanics could pose a realistic threat to current encryption schemes even before full-fledged quantum computers become available. The researchers' paper describes how they developed a working RSA public key cryptography attack using D-Wave's Advantage quantum computer. Specifically, the researchers used the computer to successfully factor a 50-bit integer into its prime factors. READ MORE...