News

Yesterday, data breach notification website Leakbase said someone allegedly hacked the Swachhata Platform in India and stole 16 million user records. Security researchers at CloudSEK , reported the news as they discovered a post by Leakbase sharing data samples containing personally identifiable information (PII), including email addresses, hashed passwords and user IDs. Earlier this week, an advisory published by CloudSEK reported that 6GB of compromised data from the  Swachhata Platform – an initiative in association...

Earlier this week, researchers at security firm Cisco Talos discovered a malicious campaign in August 2022 that relied on modularized attack techniques to deliver Cobalt Strike beacons and used them in follow–on attacks. It was reported that the company published a new advisory about the campaign on Wednesday saying the threat actors behind it used a phishing email impersonating either a government organization in the US or a trade union in New Zealand with a malicious...

Optus, an Australian telecoms provider, has become the latest high-profile victim of a data breach - with the alleged attacker demanding payment to buy back millions of customer records, having already made 10,000 public online.  In the most recent developments, the attacker has now rescinded threats and deleted them from a data breach website. However, it does not change the fact that someone was able to access these customer records, including names, dates of birth,...

Towards the end of last week, the City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking. "On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking," the agency said, adding "he remains in police custody." A statement from the department said the arrest was made as part of an investigation in partnership with...

On Friday last week, Ukrainian law enforcement authorities disclosed that it had "neutralized" a hacking group operating from the city of Lviv that it said acted on behalf of Russian interests. Reports show that the group specialized in the sales of 30 million accounts belonging to citizens from Ukraine and the European Union on the dark web and netted a profit of $372,000 (14 million UAH) through electronic payment systems like YooMoney, Qiwi, and WebMoney...

Earlier today reports of an SMS-based phishing campaign were announced, targeting customers of Indian banks with information-stealing malware that masquerades as a rewards application. According to the Microsoft 365 Defender Research Team, the messages contain links that redirect users to a sketchy website that triggers the download of the fake banking rewards app for ICICI Bank. "The malware's RAT capabilities allow the attacker to intercept important device notifications such as incoming messages, an apparent effort...

Yesterday Twitter announced that they had remediated an issue that allowed accounts to stay logged in across multiple devices even after a voluntary password reset. In an update earlier this week, the social media company explained that the bug meant users who proactively changed their passwords on one device may have still been able to access open sessions on other screens. It is important to note that users who choose password resets voluntarily may be...

Analysing the software security practices of 130 organisations including Adobe, PayPal and Lenovo, Synopsys's Building Security in Maturity Model (BSIMM) report has found a nearly 50% surge in activities to secure open source software components and integrate security into developer toolchains; indicating greater initiative to tackle software supply chain security over the last 12 months. The findings highlight a significant increase in activities that indicate BSIMM member organizations are implementing a “shift everywhere” approach to...

Dragos Inc., the global leader in cybersecurity for industrial controls systems (ICS)/operational technology (OT) environments, today announced it has been designated by the CVE Program as a CVE Numbering Authority (CNA). As a CNA, Dragos is authorized to assign CVE IDs to newly discovered vulnerabilities and publicly disclose information about these vulnerabilities through CVE Records. This includes assigning CVE IDs to vulnerabilities found in the company’s own products as well as any third-party products not...

Rockstar Games, the publishers behind the popular Grand Theft Auto (GTA) franchise, announced earlier this week that data from the latest instalment of the GTA series has been leaked online. The leak is being described as one of gaming's biggest security breaches. The publishers were unable to clarify how the "network intrusion" happened, but confirmed that "early development footage" from GTA VI had been stolen. A user called teapotuberhacker posted the footage onto the GTAForums...