A Russia-based cybercriminal group targeted a large American auto manufacturer, more evidence of its shift to deep-pocketed victims the gang hopes will deliver a major payday. FIN7 - also known as Carbon Spider and Sangria Tempest - targeted employees with “high levels of administrative rights."
Firewall appliance manufacturer Palo Alto Networks rushed out a hotfix Friday to a command injection vulnerability present in its custom operating system after security researchers spotted a campaign to exploit the zero-day starting in March, likely from a state-backed threat actor.
Security researchers have discovered two critical vulnerabilities in the Hugging Face AI platform that exposed potential gaps for attackers seeking unauthorized access and manipulation of customer data and models. The risks highlight the security concerns about AI-as-a-service offerings.
Vietnamese financially motivated hackers are targeting businesses across Asia in a campaign to harvest corporate credentials and financial data for resale in online criminal markets. Researchers at Cisco Talos identified a cluster of hacking activity its tracks as CoralRaider.
Google addressed two zero-day vulnerabilities in Pixel mobile phones that forensic firms exploited to bypass PINs and access stored data on the device. The bugs allowed attackers to unlock and access Pixel's device memory with physical access.
Google is prototyping a method to stymie hackers who get around multifactor security by stealing authentication cookies from desktops. Google says its proposal for cryptographically tying authentication tokens to computers will succeed where previous attempts such as Token Binding failed.
Google says it will delete web browsing data generated by 136 million individuals who used the tech giant's Chrome browser in Incognito mode as part of a proposed settlement ending a class action lawsuit alleging the tech giant had misled consumers about privacy protections.
Python code repository PyPI temporarily halted new user registration for a second time in three months following a surge in malware-ridden code mimicking legitimate software packages. PyPI is not the only code repository to recently be attacked by hackers.
This week, Sam Bankman-Fried got 25 years, the U.S sanctioned a Russian fintech, Coinbase can't get out of an SEC lawsuit, Munchables lost millions and had it returned, Curio and ParaSwap had smart contract problems, Hong Kong warned about crypto entities, and TRM Labs reported 2023 crypto trends.
A likely Chinese hacker-for-hire used high-profile vulnerabilities in a campaign targeting a slew of Southeast Asian and U.S. governmental and research organizations, says threat intel firm Mandiant. Rapid exploitation of newly patched flaws has become a hallmark of Chinese threat actors.
U.S. and allied cybersecurity agencies again warned the private sector to guard against Chinese state hackers who eschew malware to maintain access in favor of exploiting built-in system functions. Key preventative measures include maintaining a central logging database.
Security researchers say they've spotted a hacking campaign with a strong focus in Southeast Asia that could be the work of Chinese state hacking contractor iSoon, the company whose February internal data leak threw a spotlight on a network of private sector companies hacking on behalf of Beijing.
Hackers who are possibly members of a criminal group affiliated with numerous ransomware-as-a-service operations are exploiting a directory traversal vulnerability in a Python library that allows unauthenticated remote attackers access to sensitive information from server files.
A co-administrator of an illicit online marketplace received a 42-month prison sentence in U.S. federal court after pleading guilty to two criminal counts that could have put him in prison for 15 years. Sandu Boris Diaconu, 31, helped develop and administer the E-Root marketplace.
LockBit ransomware affiliate Mikhail Vasiliev on Tuesday received a nearly four-year prison sentence in Canada and consented to extradition to the United States, where he faces charges of conspiracy to commit computer intrusion. He must also pay CA$860,000 in restitution to his Canadian victims.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ransomware.databreachtoday.com, you agree to our use of cookies.