The Lapsus$ hacker group on Wednesday leaked tens of gigabytes of files allegedly stolen from IT giant Globant. The hackers have made available roughly 70 Gb of data that they claim represents Globant customer source code. SecurityWeek has reached out to Globant for comment, but we have yet to hear back. In addition to source code, the cybercriminals published on their Telegram channel a list of usernames and passwords that they claim can be used to access various development platforms used by Globant. READ MORE...
The cryptocurrency used to play the Pokémon-inspired blockchain game Axie Infinity was the target of a March 23 crypto heist of more than $600 million, one of the largest in history. In February 2021, the Ronin blockchain debuted. Ronin offers 20 free transactions to each account holder. The hacker compromised the Ronin and third-party Axie DAO validator nodes using hacked private keys to forge fake withdrawals. READ MORE...
VMware Horizon servers - which many organizations are using to enable secure anywhere, anytime access to enterprise apps for remote workers - continue to be a popular target for attackers looking to exploit the critical Apache Log4j remote code execution vulnerability disclosed in December 2021. Researchers from Sophos this week said they had observed a wave of attacks against vulnerable Horizon servers starting January 19, 2022, through now. READ MORE...
If you've received a spam SMS message sent from your own phone number, don't panic. No, you weren't hacked. And you're not the only one who has received such a message. But why do they make it look like the text has come from your own number? It's likely the scammers spoofed it in order to get past built-in filter features because they don't block messages you send yourself. READ MORE...
A newly launched information-stealing malware variant called Mars Stealer is rising in popularity, and threat analysts are now spotting the first notable large-scale campaigns employing it. Mars Stealer emerged as a redesign of the Oski malware that shut down development in 2020, featuring extensive info-stealing capabilities targeting a broad spectrum of apps. READ MORE...
There is a terrifying and highly effective "method" that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. It involves compromising email accounts and websites tied to police departments and government agencies, and then sending unauthorized demands for subscriber data while claiming the information being requested can't wait for a court order because it relates to an urgent matter of life and death. READ MORE...
Russia's biggest Internet company has embedded code into apps found on mobile devices that allows information about millions of users to be sent to servers located in its home country. The revelation relates to software created by Yandex that permits developers to create apps for devices running Apple's iOS and Google's Android, systems that run the vast majority of the world's smartphones. READ MORE...
A Wyze Cam internet camera vulnerability allows unauthenticated, remote access to videos and images stored on local memory cards and has remained unfixed for almost three years. The bug, which has not been assigned a CVE ID, allowed remote users to access the contents of the SD card in the camera via a webserver listening on port 80 without requiring authentication. READ MORE...
Researchers from the University of Oxford published details of a vulnerability in the Combined Charging System that has the potential to abort charging. The Combined Charging System (CCS) is one of the plethora of standards in the EV charging world, and allows DC fast charging. Different plug types are used for the US and EU regions (dubbed Combo 1 and 2 respectively) but both use the same underlying technology. READ MORE...