IT Security Newsletter - 2/26/2025
Have I Been Pwned adds 284M accounts stolen by infostealer malware
The Have I Been Pwned data breach notification service has added over 284 million accounts stolen by information stealer malware and found on a Telegram channel. HIBP founder Troy Hunt says he found 284,132,969 compromised accounts while analyzing 1.5TB of stealer logs likely collected from numerous sources and shared on a Telegram channel known as "ALIEN TXTBASE." "They contain 23 billion rows with 493 million unique website and email address pairs," Hunt stated in a Tuesday blog post. READ MORE...
Australian IVF giant Genea breached by Termite ransomware gang
The Termite ransomware gang has claimed responsibility for breaching Genea, one of Australia's largest fertility services providers, and stealing sensitive healthcare data belonging to its patients. The IVF (in vitro fertilization) provider has been operating since 1986 (when it was known as Sydney IVF). It offers a wide range of services, including fertility treatments, tests, genetic services, preservation options, and donor programs. READ MORE...
Background check, drug testing provider DISA suffers data breach
DISA Global Solutions, a Texas-based company that provides employment screening services (including drug and alcohol testing and background checks) for over 55,000 organizations, has suffered a cyber incident that led to a data breach, which resulted in the potential compromise of personal and financial information of over 3.3 million individuals. DISA discovered the breach on April 22, 2024. READ MORE...
AI Tricksters Spin Up Fake DeepSeek Sites to Steal Crypto
Threat actors are leveraging brand impersonation techniques to create fake websites mimicking DeepSeek, an AI chatbot from China that launched just a month ago. Their goal? Getting users to divulge personal and sensitive information. A significant number of imposter sites imitating DeepSeek have already popped up, according to researchers at ThreatLabz, including deepseeksol[.]com, deepseeksky[.]com, deepseek[.]app, deepseekaiagent[.]live, and many more. READ MORE...
Chinese Botnet Powered by 130,000 Devices Targets Microsoft 365 Accounts
A botnet controlled by a threat actor linked to China has been observed targeting Microsoft 365 accounts with large-scale password spraying attacks, SecurityScorecard reported on Monday. According to the security firm, the botnet is powered by more than 130,000 compromised devices and the attacks aimed at Microsoft 365 accounts rely on non-interactive sign-ins with Basic Authentication. READ MORE...
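The detail worth acting on in that item is the combination of non-interactive sign-ins and Basic Authentication: a spray from a botnet shows up as many distinct accounts failing from the same source address over a short window, through legacy protocols that cannot enforce MFA. The following is an added example of that detection logic, not code from SecurityScorecard's report or from Microsoft. The records are constructed, and the field names only loosely follow the Entra ID sign-in log schema (userPrincipalName, ipAddress, clientAppUsed, isInteractive, errorCode), which is an assumption; adapt them to whatever your SIEM actually exports.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Client types that indicate legacy/Basic Authentication protocols (assumed
# to match the values the sign-in log uses; check against your own export).
LEGACY_AUTH_CLIENTS = {
    "Authenticated SMTP", "IMAP4", "POP3", "Exchange ActiveSync", "Other clients",
}

# 50126 is the "invalid username or password" error code.
def rec(ts, upn, ip, app, interactive=False, err=50126):
    """Build one constructed sign-in record in the assumed schema."""
    return {"createdDateTime": ts, "userPrincipalName": upn, "ipAddress": ip,
            "clientAppUsed": app, "isInteractive": interactive, "errorCode": err}

# Constructed sample telemetry (not real data). One address sprays six accounts
# via SMTP; another hammers a single account; a third is an interactive failure.
SAMPLE_SIGNINS = [
    rec("2025-02-24T03:00:01Z", "alice@example.com", "203.0.113.10", "Authenticated SMTP"),
    rec("2025-02-24T03:00:09Z", "bob@example.com",   "203.0.113.10", "Authenticated SMTP"),
    rec("2025-02-24T03:00:17Z", "carol@example.com", "203.0.113.10", "IMAP4"),
    rec("2025-02-24T03:00:25Z", "dave@example.com",  "203.0.113.10", "Authenticated SMTP"),
    rec("2025-02-24T03:00:33Z", "erin@example.com",  "203.0.113.10", "POP3"),
    rec("2025-02-24T03:00:41Z", "frank@example.com", "203.0.113.10", "Authenticated SMTP"),
    # Same account failing repeatedly from one address: not a spray pattern.
    *[rec(f"2025-02-24T03:01:{s:02d}Z", "alice@example.com", "198.51.100.7", "IMAP4")
      for s in range(0, 60, 10)],
    # Interactive browser failure: excluded by the non-interactive filter.
    rec("2025-02-24T03:02:00Z", "grace@example.com", "192.0.2.5", "Browser", interactive=True),
    # Successful legacy sign-in: worth its own review, but not a failure.
    rec("2025-02-24T03:02:30Z", "heidi@example.com", "203.0.113.10", "IMAP4", err=0),
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def is_legacy_noninteractive_failure(r):
    """True for a failed, non-interactive sign-in over a legacy-auth client."""
    return (not r["isInteractive"]
            and r["clientAppUsed"] in LEGACY_AUTH_CLIENTS
            and r["errorCode"] != 0)


def detect_password_spray(records, window=timedelta(minutes=30), min_accounts=5):
    """Return {ip: sorted distinct accounts} for every source address that
    produced failed non-interactive legacy-auth sign-ins against at least
    min_accounts distinct accounts inside any sliding time window."""
    by_ip = defaultdict(list)
    for r in records:
        if is_legacy_noninteractive_failure(r):
            by_ip[r["ipAddress"]].append(
                (parse_ts(r["createdDateTime"]), r["userPrincipalName"].lower()))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window start until all events fit inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            accounts = {u for _, u in events[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged[ip] = sorted({u for _, u in events})
                break
    return flagged


if __name__ == "__main__":
    for ip, accounts in detect_password_spray(SAMPLE_SIGNINS).items():
        print(f"spray suspected from {ip}: {len(accounts)} accounts -> {accounts}")
```

The single-account loop from 198.51.100.7 is deliberately not flagged: it is a different pattern (credential stuffing or brute force against one user) and deserves a separate rule keyed on per-account failure counts. The successful legacy sign-in at the end is also worth a rule of its own, since any Basic Authentication success from an address that was just spraying is the event that matters most.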
New 'Auto-Color' Linux Malware Targets North America, Asia
Palo Alto Networks has shared details on a new piece of Linux malware that gives threat actors backdoor access to compromised devices. Named Auto-Color (based on the name of the initial payload), the Linux malware was first spotted by the security firm in early November 2024. Palo Alto obtained the most recent sample on December 5, 2024. The company's analysis showed that Auto-Color has mainly been used to target universities and governments in North America and Asia. READ MORE...
Bruce Schneier: An iCloud Backdoor Would Make Our Phones Less Safe
Last month, the UK government demanded that Apple weaken the security of iCloud for users worldwide. On Friday, Apple took steps to comply for users in the United Kingdom. But the British law is written in a way that requires Apple to give its government access to anyone, anywhere in the world. If the government demands Apple weaken its security worldwide, it would increase everyone's cyber-risk in an already dangerous world. READ MORE...
House Dems say DOGE is leaving publicly exposed entry points into government systems
Democrats on the House Oversight Committee say the Department of Government Efficiency (DOGE) is jeopardizing cybersecurity by publicly exposing entry points into U.S. government systems, and told the Trump administration it needs to provide information on department officials' access. "Decades of efforts by both Republican and Democratic administrations, along with bipartisan collaboration in Congress, have strengthened the federal government's cybersecurity practices," the trio of lawmakers wrote Tuesday. READ MORE...
Max Severity RCE Vuln in All Versions of MITRE Caldera
A maximum severity remote code execution (RCE) bug has emerged that affects all versions of MITRE Caldera going back to the first versions of the open source adversary-emulation platform. Attackers can trigger the bug in most Caldera default configurations as long as Go, Python, and gcc are present on the server where Caldera is running. "All of these dependencies are required for Caldera to be fully functional in the first place," wrote [security researcher] Dawid Kulikowski. READ MORE...
More than 400 SonicWall firewall instances remain vulnerable to attack
More than 5,000 instances of an authentication bypass flaw in SonicWall firewalls are exposed to the internet and 460 were listed as vulnerable to exploitation, according to a report released Friday by Censys. The number of vulnerable instances was down to 445 as of Tuesday, researchers said. The vulnerability, listed as CVE-2024-53704, is an improper authentication vulnerability in the SSL VPN mechanism that can allow a remote attacker to bypass authentication. READ MORE...
- ...in 1919, President Woodrow Wilson signs an act of Congress establishing Grand Canyon National Park.
- ...in 1928, early rock 'n' roll musician Antoine "Fats" Domino ("Ain't That A Shame", "Blueberry Hill") is born in New Orleans, LA.
- ...in 1929, President Calvin Coolidge signs an executive order establishing Grand Teton National Park in Wyoming.
- ...in 1932, singer-songwriter Johnny Cash ("I Walk the Line", "Ring of Fire") is born in Kingsland, AR.