
IT Security Newsletter - 6/28/2022


Breaches

Harmony blockchain loses nearly $100M due to hacked private keys

Another day, another De-Fi (decentralised finance) attack. This time, online smart contract company Harmony, which pitches itself as an "open and fast blockchain", has been robbed of more than $80,000,000's worth of Ether cryptocoins. Surprisingly (or unsurprisingly, depending on your point of view), if you visit Harmony's website, you'll probably end up totally unaware of the massive loss that the business just suffered. READ MORE...

Hacking

Pro-Russia threat group Killnet is pummeling Lithuania with DDoS attacks

Internet services in Lithuania came under "intense" distributed denial of service attacks on Monday as the pro-Russia threat-actor group Killnet took credit. Killnet said its attacks were in retaliation for Lithuania's recent banning of shipments sanctioned by the European Union to the Russian exclave of Kaliningrad. Lithuania's government said that the flood of malicious traffic disrupted parts of the Secure National Data Transfer Network. READ MORE...


Chinese Hackers Target Building Management Systems

Threat hunters at Kaspersky have uncovered a series of attacks that targeted organizations across telecoms, transportation, and industrial sectors with the ShadowPad backdoor. The campaign hit the manufacturing and telecoms industries in Afghanistan and Pakistan, and a logistics and transport organization (a port) in Malaysia. Kaspersky initially identified the ShadowPad backdoor on industrial control systems (ICS) at a telecoms company in Pakistan. READ MORE...


Tencent admits to poisoned QR code attack on QQ chat platform

Chinese web giant Tencent has admitted to a significant account hijack attack on its QQ messaging and social media platform. In a post to rival social media platform Sina Weibo - a rough analog of Twitter - Tencent apologized for the incident. The problem manifested on Sunday night and saw an unnamed number of QQ users complain their credentials no longer allowed them access to their accounts. Tencent has characterized that issue as representing "stolen" accounts. READ MORE...

Software Updates

OpenSSL 3.0.5 awaits release to fix potential worse-than-Heartbleed flaw

The latest version of OpenSSL v3, a widely used open-source library for secure networking using the Transport Layer Security (TLS) protocol, contains a memory corruption vulnerability that imperils x64 systems with Intel's Advanced Vector Extensions 512 (AVX512). OpenSSL 3.0.4 was released on June 21 to address a command-injection vulnerability (CVE-2022-2068) that was not fully addressed with a previous patch (CVE-2022-1292). READ MORE...

Malware

LockBit 3.0 Debuts With Ransomware Bug Bounty Program

The LockBit ransomware group just released its latest ransomware-as-a-service offering, LockBit 3.0, and along with it a first for the Dark Web: a bug-bounty program. The bounty program offers up rewards for personally identifiable information (PII) on high-value targets, security exploits, and more, according to screen grabs of messages that appear to have been shared by LockBit actors. READ MORE...

Information Security

Over 900,000 Kubernetes instances found exposed online

Over 900,000 misconfigured Kubernetes clusters were found exposed on the Internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks. Kubernetes is a highly versatile open-source container orchestration system for hosting online services and managing containerized workloads via a uniform API interface. However, if Kubernetes isn't configured properly, remote actors might be able to access internal resources and private assets that weren't meant to be made public. READ MORE...


Bank of the West found debit card-stealing skimmers on ATMs

The Bank of the West is warning customers that their debit card numbers and PINs have been stolen by skimmers installed on several of the bank's ATMs. The financial institute, which operates over 600 branches in the United States, first detected a wave of suspicious withdrawal attempts in November 2021 and coordinated with law enforcement to conduct an in-depth investigation. READ MORE...


Carnival to pay $5M for cyber violations to NY financial regulator

The New York State Department of Financial Services imposed a $5 million penalty on Carnival Corp. for multiple violations committed in connection with four cybersecurity incidents - including two ransomware attacks - between 2019 and 2021. READ MORE...

Exploits/Vulnerabilities

Mitel VoIP Bug Exploited in Ransomware Attacks

Ransomware groups are abusing unpatched versions of a Linux-based Mitel VoIP (Voice over Internet Protocol) application and using it as a springboard to plant malware on targeted systems. The critical remote code execution (RCE) flaw, tracked as CVE-2022-29499, was first reported by CrowdStrike in April as a zero-day vulnerability and is now patched. Mitel is popularly known for providing business phone systems and unified communication as a service (UCaaS) to all forms of organizations. READ MORE...

On This Date

  • ...in 1846, Belgian inventor and musician Adolphe Sax patents the saxophone.
  • ...in 1914, Archduke Franz Ferdinand of Austria and his wife Sophie are assassinated by Yugoslavian nationalist Gavrilo Princip, sparking the events leading to World War I.
  • ...in 1926, film director and comedy legend Mel Brooks ("Blazing Saddles", "Young Frankenstein") is born in Brooklyn, New York.
  • ...in 1946, comedian and original "Saturday Night Live" cast member Gilda Radner is born in Detroit, MI.