Data extortionists who stole up to 1 terabyte of data from Nvidia have delivered one of the most unusual ultimatums ever in the annals of cybercrime: allow Nvidia's graphics cards to mine cryptocurrencies faster or face the imminent release of the company's crown-jewel source code. A ransomware group calling itself Lapsus$ first claimed last week that it had hacked into Nvidia's corporate network and stolen more than 1TB of data. READ MORE...
The Security Service of Ukraine (SSU) said today "enemy" hackers are using compromised local government and regional authorities' websites to push rumors that Ukraine surrendered and signed a peace treaty with Russia. SSU revealed this in a tweet further distributed by Ukraine's State Service for Special Communication and Information Protection (SSSCIP) to Ukrainian Twitter users. READ MORE...
Brute-force hacking can crack an eight-character password in less than one hour, according to Hive Systems. In a new research published today, the security risk services firm says any password with less than seven characters can be brute-forced "instantly." Its findings show how more accessible and affordable cloud computing services make it simpler to crack passwords than two years ago, when the company showed that a relatively strong, eight-character password was crackable in eight hours. READ MORE...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 95 vulnerabilities to its list of actively exploited security issues, the largest number since issuing the binding operational directive (BOD) last year. Despite some of them being known for almost two decades, the agency notes that the bugs "pose significant risk to the federal enterprise." READ MORE...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday announced adding 95 security flaws to its list of known exploited vulnerabilities, including more than 60 affecting Cisco and Microsoft products. Only five of the vulnerabilities added this week to CISA's catalog have a 2022 CVE identifier, namely flaws patched last month in Cisco's Small Business RV160, RV260, RV340, and RV345 series routers. READ MORE...
Without a critical update, Amazon Alexa devices could wake themselves up and start executing audio commands issued by a remote attacker, according to infosec researchers at Royal Holloway, University of London. By exploiting a now-patched vulnerability, a malicious person with some access to a smart speaker could broadcast commands to itself or to other smart speakers nearby. READ MORE...