DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data
An advanced persistent threat (APT) group has been targeting luxury hotels in Macao, China with a spear-phishing campaign aimed at breaching their networks and stealing the sensitive data of high-profile guests staying at resorts, including the Grand Coloane Resort and Wynn Palace. A threat research report from Trellix "cautiously" identified the South Korean DarkHotel APT group as the culprit behind the attacks. READ MORE...
Cryptocurrency Services Hit by Data Breach at CRM Company HubSpot
Cambridge, MA-based customer relationship management (CRM) company HubSpot over the weekend confirmed being targeted by hackers after several cryptocurrency services started informing their customers about a cybersecurity incident involving HubSpot. According to HubSpot, the incident occured on March 18, when a "bad actor" managed to hack into an employee account. After the breach was discovered, the impacted account's access was terminated. READ MORE...
This browser-in-browser attack is perfect for phishing
A novel way of tricking people out of their passwords has left us wondering if there's a need to rethink how much we trust our web browsers to protect us and to accelerate efforts to close web security gaps. Earlier this week, an infosec researcher known as mr.d0x described a browser-in-the-browser (BitB) attack. This technique, says mr.d0x, makes phishing more effective. READ MORE...
OpenSSL patches infinite-loop DoS bug in certificate verification
OpenSSL published a security update this week. The new versions are 3.0.2 and 1.1.1n, corresponding to the two currently-supported flavours of OpenSSL (3.0 and 1.1.1). The patch includes a few general fixes, such as error reporting that's been tidied up, along with an update for CVE-2022-0778, found by well-known bug eliminator Tavis Ormandy of Google's Project Zero team. Ormandy himself described the bug as "a fun one to work on." READ MORE...
Meet Exotic Lily, access broker for ransomware and other malware peddlers
The Google Threat Analysis Group (TAG) has shared their observations about a group of cybercriminals called Exotic Lily. This group has specialized itself as an initial access broker, which means they find a vulnerability in an organization's defenses, exploit that vulnerability, and sell the access to the victim's network to an interested party, several times over with different victims. READ MORE...
A big bet to kill the password for good
After years of tantalizing hints that a passwordless future is just around the corner, you're probably still not feeling any closer to that digital unshackling. Ten years into working on the issue, though, the FIDO Alliance, an industry association that specifically works on secure authentication, thinks it has finally identified the missing piece of the puzzle. READ MORE...
- ...in 1963, Alcatraz Federal Penitentiary closes its doors as a maximum security prison.
- ...in 1965, Dr. Martin Luther King, Jr. leads 3,200 people in a third and final civil rights march from Selma to Montgomery, AL in support of voting rights.
- ...in 1980, "Dallas" airs its third-season finale, "A House Divided", leading to months of speculation about "Who Shot J.R.?"
- ...in 1980, President Jimmy Carter announces a U.S. boycott of the 1980 Summer Olympics in Moscow, in protest of the Soviet war in Afghanistan.
