Hackers backed by North Korea's government exploited a critical Chrome zero-day in an attempt to infect the computers of hundreds of people working in a wide range of industries, including the news media, IT, cryptocurrency, and financial services, Google said Thursday. The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. READ MORE...
The US government today unsealed two blockbuster indictments handed down in 2021 charging four Russian nationals working for that nation's government with allegedly perpetrating two major industrial system cyberattack campaigns that targeted the global energy sector between 2012 and 2018. In a now-unsealed June 2021 indictment, the US Department of Justice charged Evgeny Viktorovich Gladkikh, a Russian Ministry of Defense research institute employee, and two co-conspirators. READ MORE...
British cops investigating a cyber-crime group have made a string of arrests. Though City of London Police gave few details on Thursday, officers are said to be probing the notorious extortionware gang Lapsus$, and have detained and released seven people aged 16 to 21. In a statement, the force said: "Seven people between the ages of 16 and 21 have been arrested in connection with an investigation into a hacking group. They have all been released under investigation. Our inquiries remain ongoing." READ MORE...
Researchers have disclosed a 'replay attack' vulnerability affecting select Honda and Acura car models, that allows a nearby hacker to unlock your car and even start its engine from a short distance. The attack consists of a threat actor capturing the RF signals sent from your key fob to the car and resending these signals to take control of your car's remote keyless entry system. READ MORE...
Researchers have found hundreds of malicious packages in the npm repository of open-source JavaScript code, designed to steal personally identifiable information (PII) in a large-scale typosquatting attack against Microsoft Azure cloud users. That's according to the JFrog Security Research team, which said that the set of packages appeared earlier this week and steadily grew since then, from about 50 packages to more than 200. READ MORE...