Information

29 Nov

Okta: Breach Affected All Customer Support Users

Data Breaches, Information, Insights

When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. But today, Okta revised that impact statement, saying the attackers also stole the name and email address for nearly all of its customer support users. Okta acknowledged last month that for several…

Read More
29 Nov

SecurityWeek to Host Cyber AI & Automation Summit on December 6th

Information, News

Virtual conference will explore cybersecurity use-cases for artificial intelligence (AI) technology and the race to protect LLM algorithms from adversarial use. SecurityWeek will host its 2023 Cyber AI & Automation Summit on December 6, 2023 as a fully immersive virtual conference, showcasing prominent technologists discussing the burgeoning AI-powered security landscape. The Cyber AI & Automation Summit will feature keynotes and editorial presentations from Chief Information Security Officers (CISOs), software developers, policy analysts, government representatives and…

Read More
28 Nov

‘Tis the season to be wary: 12 steps to ruin a cybercriminal’s day

Information

Scams, Cybercrime The holiday shopping season may be the time to splurge, but it’s a also favorite time of year for cybercriminals to target shoppers with phony deals, phishing scams and other threats Phil Muncaster 27 Nov 2023  •  , 5 min. read The holiday shopping season is in full swing. It involves a seemingly endless few weeks of shopping mayhem as we rush to take advantage of bargains and buy gifts for our friends…

Read More
28 Nov

ID Theft Service Resold Access to USInfoSearch Data

Data Breaches, Information, Insights

One of the cybercrime underground’s more active sellers of Social Security numbers, background and credit reports has been pulling data from hacked accounts at the U.S. consumer data broker USinfoSearch, KrebsOnSecurity has learned. Since at least February 2023, a service advertised on Telegram called USiSLookups has operated an automated bot that allows anyone to look up the SSN or background report on virtually any American. For prices ranging from $8 to $40 and payable via…

Read More
28 Nov

Police Dismantle Major Ukrainian Ransomware Operation

Information, News, Uncategorized

Law enforcement agencies in seven countries teamed up with Europol and Eurojust to dismantle a major Ukraine-based ransomware operation. According to Europol, 30 properties were searched on November 21 in four regions of Ukraine, resulting in the arrest of a 32-year-old who is allegedly the operation’s ringleader, as well as four key accomplices.  This law enforcement activity is part of an operation that resulted in the arrests of a dozen individuals back in 2021.  The…

Read More
27 Nov

Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass

Information, News

Open-source file-sharing and collaboration software ownCloud is plagued by critical vulnerabilities that could lead to the exposure of credentials and other sensitive information and to authentication and validation bypass. The most serious issue, which carries a CVSS score of 10/10, impacts the graphapi app, which uses a third-party library providing a URL that, when accessed, reveals the PHP environment’s configuration details (phpinfo). “This information includes all the environment variables of the webserver. In containerized deployments,…

Read More
25 Nov

Telekopye’s tricks of the trade – Week in security with Tony Anscombe

Information

Video ESET’s research team reveals details about the onboarding process of the Telekopye scam operation and the various methods that the fraudsters use to defraud people online 24 Nov 2023 How do aspiring fraudsters become members of a scam operation that helps them defraud people on online marketplaces? ESET researchers recently discovered and analyzed Telekopye, a Telegram bot that helps less tech-savvy scammers pull off their tricks. This week, the research team published details about…

Read More
24 Nov

Telekopye: Chamber of Neanderthals’ secrets

Information

We recently published a blogpost about Telekopye, a Telegram bot that helps cybercriminals scam people in online marketplaces. Telekopye can craft phishing websites, emails, SMS messages, and more. In the first part, we wrote about technical details of Telekopye and hinted at hierarchical structure of its operational groups. In this second part, we focus on what we were able to learn about Neanderthals, the scammers who operate Telekopye, their internal onboarding process, different tricks of…

Read More
24 Nov

North Korean Software Supply Chain Attack Hits North America, Asia 

Information, News

A North Korean threat group breached a Taiwanese software company and leveraged its systems to deliver malware to devices in North America and Asia, Microsoft reported this week. The threat actor is tracked by the tech giant as Diamond Sleet (Zinc). Previously described as a sub-group of the notorious Lazarus, the hacker gang has been conducting attacks for data theft, espionage, destruction and financial gain. In the past, it was observed targeting security researchers, penetration…

Read More
24 Nov

In Other News: National Laboratory Breach, Airplane GPS Attacks, Russia Accuses Allies of Hacking

Information, News

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More