techminis

A naukri.com initiative

Hacking News

Cryptopotato

4w

CZ Criticizes Safe Wallet’s Post-Mortem on Bybit Hack

  • Former Binance CEO Changpeng Zhao (CZ) criticizes Safe Wallet's post-mortem on the Bybit hack.
  • Safe Wallet confirmed the breach resulted from compromised credentials and reiterated the absence of vulnerabilities in its smart contracts or front-end source code.
  • CZ raised concerns about the lack of detail in the update and questioned how the attack occurred, including the involvement of social engineering or a virus, as well as how the attackers bypassed Ledger verification.
  • Bybit was not directly compromised, and they have restored their reserves, securing 446,870 ETH valued at $1.23 billion, ensuring 100% backing for client assets.

Securityaffairs

4w

FBI: North Korea-linked TraderTraitor is responsible for $1.5 Billion Bybit hack

  • The FBI confirmed that North Korea is responsible for the record-breaking cyber heist at the crypto exchange Bybit.
  • Last week, the crypto exchange Bybit suffered a sophisticated cyberattack, with hackers stealing over $1.5 billion worth of ETH and stETH.
  • Bybit's security team is investigating the breach, while cybersecurity firms attribute the attack to the Lazarus APT group.
  • The FBI published a Public Service Announcement attributing the heist to the North Korea-linked group TraderTraitor and provided a list of related Ethereum addresses.

Securityaffairs

1M

Criminal group UAC-0173 targets the Notary Office of Ukraine

  • Criminal group UAC-0173 is targeting the Notary Office of Ukraine.
  • The campaign, which started in mid-January 2025, uses the DCRat malware.
  • Phishing messages with malicious links are being sent to notaries in Ukraine.
  • CERT-UA has provided recommendations to enhance cybersecurity and prevent further attacks.

Securityaffairs

1M

Cellebrite blocked Serbia from using its solution because of misuse of the equipment for political reasons

  • Cellebrite blocked Serbia from using its solution after reports of police using it to unlock and infect phones of a journalist and activist.
  • Amnesty International's report revealed Serbian police used Cellebrite tools to install spyware like NoviSpy on activists' phones.
  • NoviSpy allows surveillance by capturing personal data and remotely activating microphones or cameras, though less advanced than Pegasus.
  • Cellebrite UFED exploits were used to secretly install NoviSpy during police interviews, revealed Amnesty International.
  • Cellebrite suspended its technology provision to Serbia due to reported abuse, following an investigation aligned with ethics policies.
  • Amnesty International stated the misuse of Cellebrite tools for political reasons necessitates investigations, accountability, and safeguards.
  • Serbian journalist Milanov's case revealed Cellebrite tool usage by police to unlock his phone and install NoviSpy spyware.
  • Cellebrite UFED product was misused to covertly bypass security features, infecting devices with NoviSpy, as per Amnesty International.
  • Amnesty International discovered that Cellebrite UFED exploited a Qualcomm vulnerability in the spyware infection cases in Serbia.
  • Other targets of the spyware campaign included activist Nikola Ristić, environmentalist Ivan Milosavljević Buki, and an NGO representative.

Securityaffairs

1M

DragonForce Ransomware group is targeting Saudi Arabia

  • DragonForce ransomware has recently been reported to target organizations in the Kingdom of Saudi Arabia (KSA).
  • The attack is a part of the rising cyber threats facing the region, particularly against critical infrastructure and major corporations.
  • This is the first time the ransomware gang has targeted a large KSA enterprise entity, with over 6 TB of data being exfiltrated.
  • The targeting of KSA by ransomware groups raises concerns about the security of critical infrastructure in the region.

Siliconangle

1M

CrowdStrike report finds surge in malware-free cyberattacks and AI-driven threats in 2024

  • A new report by CrowdStrike highlights the evolving cyberthreat landscape in 2024.
  • Cyberattacks relying on malware-free intrusions and AI-assisted social engineering surged.
  • China-backed cyber activity increased by 150%.
  • Cloud-focused vulnerabilities and software-as-a-service attacks also rose in 2024.

Coinpedia

1M

FBI Confirms $1.5 Billion Crypto Theft by North Korean Hackers from ByBit

  • North Korean hackers have stolen $1.5 billion from ByBit, one of the world's largest cryptocurrency exchanges.
  • The FBI has labeled this heist 'TraderTraitor' and is working to block transactions associated with the stolen assets.
  • The hack was executed by compromising a Safe dev's device and altering transaction parameters.
  • About $160 million of the stolen assets have already been linked to North Korean operatives.

Guardian

1M

North Korea behind $1.5bn hack of crypto exchange ByBit, says FBI

  • North Korea is behind the theft of $1.5bn in virtual assets from the cryptocurrency exchange ByBit, according to the FBI.
  • This is being described as the biggest heist in history, surpassing Saddam Hussein's $1bn theft from Iraq's central bank.
  • The stolen assets, currently in bitcoin and virtual assets, are expected to be further laundered and converted into fiat currency.
  • North Korea, operating a cybercrime unit known as the Lazarus Group, has been linked to previous thefts that fund its nuclear and ballistic missile programs.

Securityaffairs

1M

New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus

  • A new Ghostwriter campaign is targeting opposition activists in Belarus and Ukrainian military and government organizations.
  • The campaign uses a new variant of PicassoLoader and has been active since late 2024.
  • The Ghostwriter threat actor, linked to the government of Belarus, is known for conducting cyberespionage operations.
  • The campaign confirms the close ties between Ghostwriter and the Belarusian government in targeting opposition and associated organizations.

Medium

1M

Cyberattack on Genea Fertility Clinic Exposes 940GB of Sensitive IVF Patient Data

  • In a significant cybersecurity breach, hackers exposed 940GB of sensitive medical data stolen from Genea Fertility Clinic in Australia.
  • The breach by the Termite ransomware group included medical histories, government IDs, Medicare card numbers, and health insurance details.
  • The attack not only affects the patients but also poses a threat to the broader healthcare system due to the personal nature of the stolen data.
  • Hackers exploited Genea's Citrix environment, allowing them to siphon patient data over a two-week period.
  • Stolen health records on the dark web can be used for illegal medical claims, identity fraud, and unauthorized drug prescriptions.
  • Although financial information was not accessed, a substantial amount of personal data like government IDs and medical histories was stolen.
  • Genea is taking legal action to prevent further distribution of the leaked data but faces challenges in mitigating the breach's impact.
  • The breach has raised concerns about patient data security and led to demands for enhanced cybersecurity measures and transparency from Genea.
  • The incident has affected Genea's operations, causing disruption to services like the MyGenea app for tracking fertility treatments.
  • This breach underscores the urgent need for stronger cybersecurity measures in the healthcare industry to protect sensitive patient data.
  • Both healthcare providers and individuals must prioritize cybersecurity to prevent future attacks and safeguard confidential medical information.

TechCrunch

1M

Cellebrite suspends Serbia as customer after claims police used firm’s tech to plant spyware

  • Israeli digital forensics firm Cellebrite has suspended Serbia as a customer following claims that Serbian police used the company's technology to unlock phones and plant spyware.
  • The allegations were raised in a report by Amnesty International in December 2024, which accused Serbian police of hacking into the phones of a journalist and an activist.
  • Cellebrite conducted an investigation and decided to take appropriate action in accordance with its ethics and integrity policies.
  • The company has not specified whether the suspension is permanent or temporary, and declined to comment further on the matter.

TheNewsCrypto

1M

Bybit Hacker Washed 20% of Total Stolen ETH Worth $1.5 Billion

  • The Bybit hacker has laundered around 20% of the Ethereum stolen in the recent theft.
  • The hackers hold more Ethereum than Vitalik Buterin and the Ethereum Foundation.
  • Hackers are using advanced tactics to perform social engineering hacks and money laundering.
  • Bybit CEO announced a bounty program to combat the Lazarus money laundering activities.

Securelist

1M

Exploits and vulnerabilities in Q4 2024

  • Q4 2024 saw fewer published exploits for Windows and Linux compared to the first three quarters.
  • Although the number of registered vulnerabilities rose, the total number of Proof of Concept instances decreased compared to 2023.
  • Attackers in Q4 leveraged undocumented RPC interfaces and targeted the Windows authentication mechanism.
  • There was growth in the number of registered vulnerabilities and a decrease in the number of PoCs.
  • The most prevalent CWEs exploited included OS Command Injection, improper input filtering, and memory corruption vulnerabilities.
  • New popular CWEs in 2024 included Use After Free, Path Traversal, Code Injection, and Deserialization of untrusted data.
  • In Q4, Windows exploits targeted vulnerabilities in Microsoft Office, WinRAR, and various Windows subsystems.
  • Linux exploits targeted vulnerabilities in nf_tables, io_uring, Dirty Pipe, and netfilter components.
  • Most common exploits continue to target operating systems, with attackers finding new exploitable vulnerabilities.
  • The top 10 vulnerabilities exploited in APT attacks included Microsoft Office vulnerabilities and vulnerabilities in PAN-OS.

Securityaffairs

1M

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

  • Researchers found an updated LightSpy spyware with enhanced data collection features targeting social media platforms like Facebook and Instagram.
  • ThreatFabric researchers discovered a macOS version of LightSpy spyware in May 2024 and observed threat actors using publicly available exploits to deliver macOS implants.
  • The LightSpy spyware can steal files, record audio, harvest various data, and grant attackers control over the infected device.
  • The new version of LightSpy supports data extraction features targeting Facebook and Instagram application database files.

Securityaffairs

1M

U.S. CISA adds Microsoft Partner Center and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Partner Center and Synacor Zimbra Collaboration Suite vulnerabilities to its Known Exploited Vulnerabilities catalog.
  • The first vulnerability, CVE-2023-34192 (CVSS score: 9.0), is a cross-site scripting (XSS) issue in Synacor Zimbra Collaboration Suite (ZCS), which was addressed in July 2023.
  • The second vulnerability, CVE-2024-49035 (CVSS score: 8.7), is an improper access control vulnerability in Microsoft Partner Center, which was addressed in November 2024.
  • CISA orders federal agencies to address the vulnerabilities by March 25, 2025.
