IT Security Newsletter - 10/9/2025
Chinese Hackers Breached Law Firm Williams & Connolly via Zero-Day
Law firm Williams & Connolly said state-sponsored hackers breached some of its systems and gained access to attorney email accounts. The prominent Washington, DC-based law firm is known for representing political figures and government officials, including Barack Obama and the Clintons, as well as major companies such as Intel, Samsung, Google, Disney, and Bank of America. The probe showed that the attack was likely the work of a state-sponsored hacker group.
Hackers claim Discord breach exposed data of 5.5 million users
Discord says they will not be paying threat actors who claim to have stolen the data of 5.5 million unique users from the company's Zendesk support system instance, including government IDs and partial payment information for some people. The company is also pushing back on claims that 2.1 million photos of government IDs were disclosed in the breach, stating that approximately 70,000 users had their government ID photos exposed.
Attackers compromised ALL SonicWall firewall configuration backup files
The attackers who brute-forced their way into SonicWall's firewall cloud backup service accessed configuration backup files of all customers who have used the service, SonicWall stated on Wednesday, following the conclusion of a Mandiant-supported investigation into the incident. On September 17, SonicWall publicly confirmed the security incident and said that backup firewall preference files for fewer than 5% of its firewall install base had been accessed.
Hacktivists target critical infrastructure, hit decoy plant
A pro-Russian hacktivist group called TwoNet pivoted in less than a year from launching distributed denial-of-service (DDoS) attacks to targeting critical infrastructure. Recently, the threat actor claimed an attack on a water treatment facility that turned out to be a realistic honeypot system set up by threat researchers specifically to observe adversaries' movements. The compromise revealed that the threat actor moved from initial access to disruptive action in about 26 hours.
Vampire Bot Malware Sinks Fangs Into Job Hunters
A Vietnam-based threat group is targeting job seekers and digital marketing professionals with phishing emails that deliver malware designed for surveillance and data theft. The campaign, which researchers at Aryaka Threat Research Labs attributed to the group BatShadow, relies on zip archives containing lure PDFs and hidden malicious files that trigger installation of the malware once opened. Vampire Bot, as Aryaka is tracking the malware, supports features to profile compromised systems.
Chaos Ransomware Upgrades With Aggressive New C++ Variant
Chaos ransomware has gotten a significant facelift with an "aggressive" new variant that adds destructive tactics and clipboard hijacking for cryptocurrency theft, as well as other capabilities to bolster its operations for speed and effectiveness. Researchers from FortiGuard Labs have identified a new version of Chaos ransomware written in C++, the first not written in .NET, they revealed in a report published Wednesday.
One stolen iPhone uncovered a network smuggling thousands of devices to China
If you think Apple's 'Find My' feature was just there to help you locate your phone when it slipped down the side of the couch, think again. It turns out this service also helps law enforcement capture criminals. The original "Find My iPhone" was introduced in 2010 as a feature on the iPhone. It was a separate service from "Find My Friends," which allows you to track the location of contacts who consent. Apple merged these in 2019 for iOS 13.
GitHub Copilot Chat Flaw Leaked Data From Private Repositories
Legit Security has detailed a vulnerability in the GitHub Copilot Chat AI assistant that led to sensitive data leakage and full control over Copilot's responses. Combining a Content Security Policy (CSP) bypass with remote prompt injection, Legit Security's Omer Mayraz was able to leak AWS keys and zero-day bugs from private repositories, and influence the responses Copilot provided to other users.
- ...in 1919, the Cincinnati Reds win the World Series after eight members of the Chicago White Sox throw the game, resulting in the infamous "Black Sox" Scandal.
- ...in 1962, the visible light-emitting diode (LED), now the basis for most modern video, computer, and phone screens, is first demonstrated in Syracuse, New York.
- ...in 1964, Mexican-American film director Guillermo del Toro ("The Shape of Water", "Pan's Labyrinth") is born in Guadalajara.
- ...in 1980, Pope John Paul II greets the Dalai Lama during a private audience in Vatican City.