menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Hacking News

Hacking News

source image

Securityaffairs

1M

read

82

img
dot

Image Credit: Securityaffairs

Coinbase data breach impacted 69,461 individuals

  • Coinbase disclosed that a recent data breach impacted 69,461 individuals after overseas support staff accessed customer and corporate data improperly.
  • Rogue contractors stole data on under 1% of users from Coinbase and demanded $20 million; breach initially disclosed in an SEC filing.
  • Unauthorized data access was detected by support personnel, prompting termination, enhanced monitoring, and user alerts; breach involved a coordinated campaign.
  • Exposed data did not include passwords, private keys, or customer funds but included contact details, partial SSNs, bank info, ID images, account history, and limited internal documents.

Read Full Article

like

4 Likes

share

1 Share

source image

Securityaffairs

1M

read

301

img
dot

Image Credit: Securityaffairs

U.S. CISA adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog

  • U.S. CISA added Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog.
  • CISA also included Google Chromium, DrayTek routers, and SAP NetWeaver flaws in its Known Exploited Vulnerabilities catalog.
  • Some of the described flaws include authentication bypass, code injection, XSS vulnerabilities, and directory traversal vulnerabilities.
  • Ivanti released security updates for CVE-2025-4427 and CVE-2025-4428 in Endpoint Manager Mobile software to address remote code execution threats.

Read Full Article

like

18 Likes

share

4 Shares

source image

Securelist

1M

read

13

img
dot

Image Credit: Securelist

Dero miner zombies biting through Docker APIs to build a cryptojacking horde

  • A new Dero mining campaign involves infected containers exploiting insecurely published Docker APIs to create a cryptojacking horde.
  • Malicious containers were detected during a compromise assessment project, leading to the discovery of a threat actor exploiting Docker APIs.
  • Two malware implants, nginx and the Dero crypto miner, written in Golang, are used in an automated attack vector to infect new victims.
  • The nginx malware ensures persistence, spreads without a command-and-control server, and targets insecure Docker APIs to infect new networks.
  • The malware propagates by scanning IPv4 subnets, identifying open Docker API ports, creating new malicious containers, and compromising existing ones.
  • The malware infects containers by installing dependencies, transferring malicious implants, and maintaining persistence for continuous mining activities.
  • The cloud malware encrypts configuration details, including wallet and Dero node addresses, aiming to sophisticate the malware.
  • The attack campaign emphasizes the threat posed to containerized environments and the importance of monitoring and protecting container infrastructures.
  • Security measures like using efficient monitoring tools and proactively hunting for threats are recommended to safeguard container environments.
  • Indicators of compromise, such as file hashes, paths, and specific addresses, are provided to help in detecting and mitigating such malicious activities.

Read Full Article

like

Like

share

Share

source image

Metro

1M

read

156

img
dot

Image Credit: Metro

M&S to face disruption from massive cyber attack for another two months

  • M&S is expected to face disruption from a cyber attack until July, impacting contactless payments and Click and Collect services.
  • Customer data was stolen in the attack, but no passwords or card details were accessed.
  • M&S operating profits to be reduced by £300 million due to the cyber attack, with experts mentioning that attacks on iconic institutions are often not sophisticated.
  • The cyber attack has been linked to a group called Scattered Spider using ransomware; other retailers like Co-op, Harrods, and the Ministry of Justice’s Legal Aid Agency have also been targeted.

Read Full Article

like

9 Likes

share

2 Shares

source image

Guardian

1M

read

206

img
dot

Image Credit: Guardian

Marks & Spencer expects £300m hit in lost sales from cyber-attack

  • Marks & Spencer expects to lose around £300m in sales due to a cyber-attack that forced the company to halt online orders and face challenges in stocking store shelves.
  • Despite the cyber-attack, Marks & Spencer reported a 22% increase in annual pre-tax profits to £876m, showing better-than-expected performance before the incident.
  • The company had over £400m of net funds before the cyber-attack, stating it was in a strong financial position that could help mitigate the expected financial impact through insurance and other measures.
  • The cyber-attack on Marks & Spencer's IT systems over the Easter weekend led to disruptions in online orders, deliveries to stores, and partnerships, with personal information of thousands of customers being compromised.

Read Full Article

like

12 Likes

share

3 Shares

source image

Guardian

1M

read

424

img
dot

Image Credit: Guardian

What to do if you can’t get into your Facebook or Instagram account

  • If you can't access your Facebook or Instagram account, try resetting your password using the 'Forgot password?' link on the login screen.
  • If you no longer have access to the associated email, visit facebook.com/login/identify and follow the instructions to prove your identity and reset your password.
  • If your account was hacked, visit facebook.com/hacked or instagram.com/hacked/ on a previously used device and follow the instructions provided.
  • After regaining access, change your password to something strong, enable two-step verification, turn on 'unrecognised login' alerts, remove suspicious friends, and consider advanced protection options.

Read Full Article

like

25 Likes

share

5 Shares

source image

Securityaffairs

1M

read

452

img
dot

Image Credit: Securityaffairs

SK Telecom revealed that malware breach began in 2022

  • SK Telecom revealed that the security breach disclosed in April began in 2022.
  • SK Telecom, South Korea's largest wireless telecom company, detected a malware attack in April affecting 27 million users.
  • The breach exposed data like phone numbers, IMSIs, SIM keys, and HSS-stored info of users.
  • Investigations found that the breach began in 2022, went undetected for nearly three years, and involved 25 malware types across 23 servers.

Read Full Article

like

27 Likes

share

6 Shares

source image

Bitcoinist

1M

read

132

img
dot

Image Credit: Bitcoinist

Coinbase Faces DOJ Heat Over Hack As It Enters S&P Spotlight

  • Coinbase's stock dipped on its entry day into the S&P 500, following news of a US Justice Department probe into a hack that compromised customer data.
  • The DOJ's criminal division is investigating how hackers managed to steal customer data by bribing support staff at Coinbase, leading to a breach affecting personal details.
  • Coinbase offered a $20 million reward and promised full reimbursements to affected users, as lawsuits mount over the compromised data and top executives like Roelof Botha face consequences.
  • While becoming the first crypto firm on the S&P 500, Coinbase's stock debut was marred by regulatory challenges, including ongoing SEC investigations and now the DOJ's involvement in the hack.

Read Full Article

like

7 Likes

share

1 Share

source image

Securityaffairs

1M

read

347

img
dot

Image Credit: Securityaffairs

4G Calling (VoLTE) flaw allowed to locate any O2 customer with a phone call

  • A flaw in O2's 4G Calling (VoLTE) service exposed user location data due to improper IMS standard implementation.
  • Researcher found O2's VoLTE service leaked sensitive info like IMSI, IMEI, and location data in network messages.
  • Detailed IMS signaling messages revealed caller's and recipient's IMSI, IMEI numbers, and recipient's location data, posing significant privacy risks.
  • Attacker could pinpoint an O2 customer's location within 100 square meters in dense areas; O2 advised to remove IMS/SIP headers to prevent data leaks.

Read Full Article

like

20 Likes

share

4 Shares

source image

Guardian

1M

read

270

img
dot

Image Credit: Guardian

Online criminals attacking HSBC ‘all the time’, says head of UK arm

  • HSBC's UK arm head stated that the bank is constantly under attack by online criminals, making cybersecurity its biggest expense.
  • The bank has invested hundreds of millions of pounds in defense mechanisms to protect against cyber threats as customers rely heavily on digital technology.
  • HSBC processes 1,000 payments per second and makes about 8,000 changes to its IT systems weekly to ensure seamless operations for customers.
  • Barclays' UK CEO mentioned that a recent technical issue was caused by an external software provider and assured customers that steps have been taken to prevent future recurrences.

Read Full Article

like

16 Likes

share

3 Shares

source image

Medium

1M

read

169

img
dot

Image Credit: Medium

Why Your Passwords Aren’t Safe: 7 Urgent Security Steps You Need Today

  • Thousands of accounts are breached daily due to weak passwords, reuse across apps, and ignoring basic security habits.
  • Hackers can crack complex passwords in seconds and steal databases with millions of login details.
  • Most individuals are unaware of being hacked until it's too late, emphasizing the urgent need for enhanced account security measures.
  • It's crucial to take immediate steps to secure your accounts, as even commonly perceived 'safe' passwords are vulnerable to hacking threats.

Read Full Article

like

10 Likes

share

2 Shares

source image

Securityaffairs

1M

read

77

img
dot

Image Credit: Securityaffairs

China-linked UnsolicitedBooker APT used new backdoor MarsSnake in recent attacks

  • China-linked APT group UnsolicitedBooker used a new backdoor named MarsSnake to target an international organization in Saudi Arabia.
  • The group employed spear-phishing emails with fake flight ticket lures to infiltrate systems and has a history of targeting government organizations in Asia, Africa, and the Middle East.
  • UnsolicitedBooker's arsenal includes backdoors like Chinoxy, DeedRAT, Poison Ivy, and BeRAT, commonly seen in Chinese APT groups, indicating espionage and data theft motives.
  • The repeated attacks on the Saudi organization in 2023, 2024, and 2025 show a persistent interest from UnsolicitedBooker in the specific target.

Read Full Article

like

4 Likes

share

1 Share

source image

TheNewsCrypto

1M

read

246

img
dot

Mitroplus Labs Founder Kidnapped in $500K Crypto Ransom Plot

  • Festo Ivaibi, the founder of Mitroplus Labs, has been kidnapped by criminal gangs demanding a $500,000 ransom and access to his crypto wallets, causing a drastic fall in the price of the Afro memecoin introduced by the firm in 2024.
  • The criminals posed as Ugandan security officers, abducted Ivaibi, demanded the ransom, and emptied the Afro memecoin after the funds were transferred, although the community funds were reportedly unharmed.
  • The incidents reveal a surge in crypto-related crimes in Uganda, where the lack of officially recognized cryptocurrencies has contributed to the challenges faced by individuals like Ivaibi and other crypto entrepreneurs.
  • The situation has raised concerns leading to measures by governments to protect crypto entrepreneurs, with seven out of 48 reported cases in Africa being linked to the same criminal group targeting individuals with significant crypto holdings.

Read Full Article

like

14 Likes

share

3 Shares

source image

Siliconangle

1M

read

86

img
dot

Image Credit: Siliconangle

Strider upgrades Spark platform to deliver faster threat intelligence against nation-state attacks

  • Strider Technologies has upgraded its Spark platform to provide faster threat intelligence against nation-state attacks.
  • The AI-driven threat intelligence engine now enables organizations to combine external intelligence with internal data for real-time insights, reducing investigation times significantly.
  • The upgrades focus on assisting industry, government, and academic organizations vulnerable to nation-state attacks, offering detailed threat analysis within seconds.
  • Strider's Spark platform rapidly analyzes data points to help organizations uncover and mitigate state-sponsored threats in real time, with features for ease of use and efficiency.

Read Full Article

like

5 Likes

share

1 Share

source image

Securityaffairs

1M

read

150

img
dot

Image Credit: Securityaffairs

UK’s Legal Aid Agency discloses a data breach following April cyber attack

  • The UK's Legal Aid Agency suffered a cyberattack in April, leading to a data breach where sensitive information of legal aid applicants was stolen.
  • The cyberattack on the Legal Aid Agency, part of the UK Ministry of Justice, compromised personal data dating back to 2010, including contact details, national ID numbers, and financial information.
  • The agency worked with authorities like the National Crime Agency and National Cyber Security Centre to investigate the breach and discovered that hackers accessed and downloaded significant amounts of personal data.
  • In response to the breach, the Legal Aid Agency took down its online service, implemented security measures, and assured continued access to legal support for those in need.

Read Full Article

like

9 Likes

share

2 Shares

Prev

20
21
22
23
24
25
26
27
28
29
30

Next

For uninterrupted reading, download the app