Pro-Russia hackers target inboxes with 0-day in webmail app used by millions
A relentless team of pro-Russia hackers has been exploiting a zero-day vulnerability in widely used webmail software in attacks targeting governmental entities and a think tank, all in Europe, researchers from security firm ESET said on Wednesday. The previously unknown vulnerability resulted from a critical cross-site scripting error in Roundcube, a server application used by more than 1,000 webmail services and millions of their end users. READ MORE...
BHI Energy Releases Details of Akira Ransomware Attack
Westinghouse subsidiary BHI Energy, an energy services provider, confirmed that it experienced an Akira ransomware attack in June. BHI's IT team at BHI discovered network data being encrypted in late June, as it proceeded to investigate the incident, it brought in outside counsel and a third-party cybersecurity firm. The cybersecurity firm found that Akira, the threat actor, gained initial access in late May through the compromised account of a third-party contractor. READ MORE...
Hackers Earn $400k on First Day at Pwn2Own Toronto 2023
The Pwn2Own Toronto 2023 hacking contest kicked off yesterday and participants successfully hacked NAS, printers, mobile phones, and other types of devices, earning a total of more than $400,000 on the first day. The highest reward of the day went to team Orca of Sea Security, which executed a two-vulnerability exploit chain (out-of-bounds read and use-after-free) against the Sonos Era 100 speaker, earning $60,000. READ MORE...
Hackers that breached Las Vegas casinos rely on violent threats, research shows
The prolific hacking group made up primarily of young people that was behind a recent breach that crippled several Las Vegas resorts has made graphic threats of violence as part of its attempts to force victims to give up their credentials, according to research released Wednesday. According to researchers with Microsoft's threat intelligence and incident response divisions, members of the group it tracks as Octo Tempest tends to first target technical personnel on support desks. READ MORE...
Firefox, Chrome Updates Patch High-Severity Vulnerabilities
Mozilla and Google this week announced software updates for Firefox and Chrome that address multiple high-severity vulnerabilities, including memory safety bugs. On Tuesday, Mozilla released Firefox 119 with patches for 11 vulnerabilities, including three high-severity issues. The first of the flaws, CVE-2023-5721, is an insufficient activation-delay bug that could result in the user unintentionally activating or dismissing browser prompts and dialogues. READ MORE...
Quishing: Tricks to look out for
QR code phishing - aka "quishing" - is on the rise, according to HP, Darktrace, Malwarebytes, AusCERT, and many others. QR codes are two-dimensional matrix barcodes used for tracking products, identifying items, simplifying actions such as connecting to a wireless network or setting up multi-factor authentication for accounts, and delivering specific content to mobile users (e.g., by opening a web page/app on the user's device). READ MORE...
Hackers can force iOS and macOS browsers to divulge passwords and much more
Researchers have devised an attack that forces Apple's Safari browser to divulge passwords, Gmail message content, and other secrets by exploiting a side channel vulnerability in the A- and M-series CPUs running modern iOS and macOS devices. iLeakage, as the academic researchers have named the attack, is practical and requires minimal resources to carry out. The nearly endless stream of exploit variants has left chip makers scrambling to devise mitigations. READ MORE...
- ...in 1774, The first Continental Congress, which protested British measures and called for civil disobedience, concludes in Philadelphia.
- ...in 1881, the Earp brothers and Doc Holliday have a shootout with the Clantons and McLaurys at the O.K. Corral in Tombstone, Arizona Territory.
- ...in 1940, The P-51 Mustang makes its maiden flight.
- ...in 1965, the Queen of England awards the Beatles the prestigious MBE at Buckingham Palace.
