hackers
-
Blog
Freight company Delmar refused to pay ransom when hackers breached SSNs and other data
The US arm of Canadian freight company Delmar International this week confirmed it notified an undisclosed number of people about a November 2024 data breach that compromised the following personal info: name, Social Security number, date of birth, home address, phone number, email address, and payroll info. Ransomware gang Rhysida claimed responsibility for the attack. In a LinkedIn post, Delmar CEO…
-
Blog
TikTok Influencers Are Wrong About Hackers Stealing Credit Card Information Over AirDrop
Before I get started: No, people can’t steal your credit card information using AirDrop. AirDrop doesn’t even know what your credit card number is. In a hoax that’s been spreading around TikTok as of late (the source of the rumor is unclear), viral videos are now saying that hackers can use the iPhone’s AirDrop feature to steal your credit card…
-
Blog
Russian hackers use RDP proxies to steal data in MiTM attacks
The Russian hacking group tracked as APT29 (aka “Midnight Blizzard”) is using a network of 193 remote desktop protocol proxy servers to perform man-in-the-middle (MiTM) attacks to steal data and credentials and to install malicious payloads. The MiTM attacks utilized the PyRDP red team proxy tool to scan the victims’ filesystems, steal data in the background, and remotely execute rogue applications…
-
Blog
LastPass breach comes back to haunt users as hackers steal $12 million in cryptocurrency
A major data breach at password manager firm LastPass in 2022 is still causing mayhem two years later, with cyber criminals using stolen information to carry out further attacks. According to data collated by crypto investigator ZachXBT, hackers stole $12.38 million in cryptocurrency from LastPass users on 16 and 17 December. The attackers drained nearly 150 individual victim addresses, according…
-
Blog
Researchers claim an AMD security flaw could let hackers access encrypted data
Researchers have exposed an issue with the memory implementation on AMD’s data center chips that could threaten the integrity of data, but the chipmaker has hit back at the claims. In a paper due to be presented at IEEE in 2025, researchers from University of Lübeck, KU Leuven, and University of Birmingham highlighted a potential weakness in AMD’s secure encrypted…
-
Blog
Winnti hackers target other threat actors with new Glutton PHP backdoor
The Chinese Winnti hacking group is using a new PHP backdoor named ‘Glutton’ in attacks on organizations in China and the U.S., and also in attacks on other cybercriminals. Chinese security firm QAX’s XLab discovered the new PHP malware in late April 2024, but evidence of its deployment, along with other files, dates back to December 2023. XLab comments that,…
-
Blog
390,000 WordPress accounts stolen from hackers in supply chain attack
A threat actor tracked as MUT-1244 has stolen over 390,000 WordPress credentials in a large-scale, year-long campaign targeting other threat actors using a trojanized WordPress credentials checker. Researchers at Datadog Security Labs, who spotted the attacks, say that SSH private keys and AWS access keys were also stolen from the compromised systems of hundreds of other victims, believed to include…
-
Blog
Security researchers set up an API honeypot to dupe hackers – and the results were startling
Attackers are quick off the mark in targeting and accessing APIs to enter company networks and steal data, according to the results of an API ‘honeypot’. API security firm Wallarm set up their trap last month, and has now reported on its first 20 days of activity. “We expected that it might take longer to have compelling data to report,…
-
Blog
OpenWrt Sysupgrade flaw let hackers push malicious firmware images
A flaw in OpenWrt’s Attended Sysupgrade feature used to build custom, on-demand firmware images could have allowed for the distribution of malicious firmware packages. OpenWrt is a highly customizable, open-source, Linux-based operating system designed for embedded devices, particularly network devices like routers, access points, and other IoT hardware. The project is a popular alternative to a manufacturer’s firmware as it offers numerous…
-
Blog
Generative AI’s cybersecurity potential is clear, but so far it’s given hackers the upper hand
Generative AI has opened up a new frontier in the ongoing cyber arms race between the security community and cyber criminals, and a leading security researcher has warned attackers may have more to gain from the technology. Charl van der Walt, head of security research at Orange Cyberdefense, has argued that while it’s still fairly early to make any definite…