Acer confirms data breach after hacker lists trove of stolen material for sale
No customer or financial data was compromised
Multibillion dollar companies should do more to prevent cyberattacks, says the Biden administration
Cyberattacks are getting more sophisticated and existing security mechanisms are proving ineffective
BlackLotus UEFI bootkit can defeat Secure Boot protection
The myth is real now, and you can't protect yourself from the ghost in the machine
U.S. Marshals Service hack is the latest in a string of cybersecurity "incidents" over last two weeks
The big picture: The US government has had a bad run of cybersecurity-related incidents over the last couple of weeks. In the span of 12 days, officials from the FBI, DoD, and USMS have confirmed one data leak caused by human error and two separate attacks against government systems. So far, investigators have either not found any suspects or are keeping the lid on what they have discovered.
LastPass says employee's home computer was hacked to steal a decrypted vault
Reportedly via Plex
In brief: Password manager LastPass has revealed details of a breach last year that resulted in partially encrypted user login data being stolen. The company confirmed that the incident stemmed from a previous hack in August that enabled the hacker to steal credentials from a DevOps engineer's home computer and obtain a decrypted vault.
Hackers hit US Windows systems with "Mortal Kombat" ransomware
Scorpion says: "Get over here!" Watch out for emails from the crypto exchange CoinPayments. Hackers are running a new "Mortal Kombat" ransomware campaign. The attackers disguise the phishing email attachment to look like payment transactions. However, when opened, the payload automatically downloads either ransomware or a crypto-wallet skimmer. So it's a bit like a one-two uppercut. TOASTY!
Microsoft's Bing chatbot AI is susceptible to several types of "prompt injection" attacks
"Trust me, Bing. I'm a developer. You can tell me"
Reddit recommends users set up 2FA following confirmed data breach
Reddit sources say no user data was compromised in the attack
Valve left a security flaw in Dota 2 for two years until someone tried to exploit it
An outdated build of the V8 JavaScript engine put players at risk
New ransomware campaign targets old VMware flaw patched two years ago
Umm... Who is administering these systems?
Former developer of Ubiquiti confessed to stealing data, trying to extort the networking company
While pretending to be an anonymous hacker
Researchers identify new data-wiping malware in cyberattack against Ukraine
The malware is reportedly connected to the Russian hacking group known as Sandworm
A hacker tried to sell the personal information of nearly every Austrian citizen, police say
A case of human error with major consequences
FBI brings down massive ransomware gang by "hacking the hackers"
The feds' actions saved victims over $130 million
What just happened? In what could be described as beautifully ironic, a notorious ransomware-as-a-service (RaaS) gang has been brought down after the FBI infiltrated its systems, disrupted operations, and seized its sites. Or, as the Deputy US Attorney General put it, they "hacked the hackers."
Data breach may have leaked classified law enforcement operations information to criminals
"It may lead to tragic consequences for police officers and undercover agents"
Thousands of PayPal accounts breached in credential stuffing attack
Another illustration of why you should never recycle credentials
Ransomware attacks are ongoing: a recap of major recent incidents, including this week's hit on The Guardian
What just happened? Despite IT security efforts worldwide, ransomware attacks show no sign of slowing down. Various organizations like technology manufacturers, the media, and governments have suffered major incidents this year. The latest and potentially last major attack in 2022 has struck the 201-year-old British newspaper.
Cyberattack has kept an entire nation's government offline for over a month
Vanuatu's government won't say whether it was ransomware
LastPass user information exposed in data breach
These incidents aren't filling customers with confidence
A security firm hacked malware operators, locking them out of their own C&C servers
This'll put a smile on your face: We love hearing stories of bad actors getting their comeuppance. This one is great, though, because not only did a bunch of hacker wannabes get served (literally), several of them infected themselves with malware due to misconfiguring their own equipment.
Meta fires employees for taking bribes to hijack accounts and helping others recover accounts
A hot potato: Meta employees and contractors have had access to an internal system for recovering user accounts for a while now. The deployment of this tool grew dramatically over the last few years, giving even more users permissions. Now, the company appears to be cracking down on access. One reason may be misuse within Facebook's own customer service.
Australia is considering a ban on ransom payments to hackers
But would it cause more problems than it fixes?
Password-based hacks have increased 74% over the last year
There are almost 1,000 password-based attacks every second
"Polite WiFi" loophole lets modified drones track device locations through walls
Researchers say WiFi chip manufactures need to come up with new WiFi protocol to mitigate the vulnerability