Nintendo confirms data stolen in WebMD subsidiary cyberattack
Nintendo of America has confirmed to BleepingComputer that threat actors stole survey data from the third-party TinyPulse service used internally, but its systems were not compromised. The company's statement comes after claims from the Shadowbyt3$ "extortion-as-a-service" threat group that they exfiltrated sensitive data related to Nintendo of America employees. "We are aware of an issue involving TinyPulse, a service used for internal surveys at Nintendo of America," stated Nintendo. READ MORE...
Klue breach lead to Salesforce data theft, Huntress affected
Cybersecurity vendor Huntress was among multiple companies hit by a breach originating at Klue, a market intelligence platform used to integrate CRM and sales data across various business tools. Huntress published a detailed account of the incident on June 18, framing it as a "security domino effect" that began with one compromised integration credential and cascaded into theft of customer data across several connected platforms, including Salesforce. READ MORE...
Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap
Apple has patched a Bluetooth flaw in Beats Studio Buds that could potentially turn your earbuds into a nearby wiretap. When you buy a pair of Bluetooth earbuds, you expect them to play your music and your calls-not someone else's. But a vulnerability in Apple's Beats Studio Buds shows how that trust can be abused, turning everyday audio gear into a potential eavesdropping tool for anyone close enough and skilled enough to exploit it. READ MORE...
Microsoft discovers new lightweight backdoor that steals cryptocurrency
Microsoft says it has detected new self-propagating malware that spreads through USB drives in search of cryptocurrency credentials, which it then sends to attacker-controlled servers. The company named the worm Crypto Clipper because it monitors the contents of device clipboards for patterns consistent with wallet addresses or seed phrases. When found, the malware also takes five screenshots over a 10-second period. READ MORE...
Gentlemen ransomware uses multiple EDR killers to disable defenses
The Gentlemen ransomware-as-a-service (RaaS) is actively developing and maintaining a suite of endpoint detection and response (EDR) killers to help affiliates evade detection in attacks. The gang employs a collection of EDR-killing tools, most notably a utility that researchers dubbed GentleKiller. The tool has at least eight variants and impersonates various legitimate security products, including Kaspersky, Valorant, Javelin, and WatchDog. READ MORE...
Cybercriminals abused GitHub, YouTube and VirusTotal to push crypto-stealing malware
A cryptocurrency-stealing malware campaign used inflated GitHub activity, software reviews, YouTube tutorials and favorable VirusTotal comments to make malicious trading and gambling tools appear trustworthy, Check Point researchers found. According to the researchers, the attackers packaged the malware as tools designed to help users make money. The offerings included cryptocurrency sniper bots and gambling "predictors" that claimed to identify winning opportunities before other traders. READ MORE...
Novo Nordisk Breach Exposes Software Development Pipeline Risk
A recent - and likely massive - breach at Novo Nordisk, where attackers reportedly gained an initial foothold using a single GitHub access token, underscores how code repositories and developer environments have become ground zero for attackers seeking intellectual property, credentials, and software supply chain assets. Novo Nordisk, the Danish pharmaceutical giant behind blockbuster drugs Ozempic and Wegovy, disclosed the breach June 11. READ MORE...
Authorities disrupt Evil Corp's SocGholish botnet
Authorities on Thursday disrupted a botnet, a malware framework and seized infrastructure that Evil Corp and other cybercrime groups used to steal data and break into various networks. The globally coordinated effort targeted SocGholish, multi-stage malware that has compromised websites, redirected users to traffic distribution systems (TDS) and slipped malware into their networks since 2017. READ MORE...
FIFA Bug Exposes World Cup Streams to Remote Takeover
An egregious access control vulnerability in FIFA's Microsoft Entra environment allowed an ethical hacker to gain direct control over global World Cup television streams, match management systems, and more. Not since 1962, when USSR vice admiral Vasily Arkhipov saved the human race by refusing to consent to a nuclear missile launch, has humanity been spared such a potentially horrific fate as it was just a few days ago. READ MORE...
- ...in 1865, Union Major General Gordon Granger proclaims the end of slavery in Texas, two years after the Emancipation Proclamation. This is celebrated today as Juneteenth.
- ...in 1910, the first Father's Day is celebrated in Spokane, Washington.
- ...in 1949, the first ever NASCAR race is held at Charlotte Motor Speedway.
- ...in 1978, Jim Davis's "Garfield", the world's most widely syndicated comic strip, makes its debut.
