Over the New Year's holiday weekend, Belarusian hacktivists shut down the country's leading state-owned media outlet, claiming they had wiped the main website servers and backups of BelTA. The group said its actions had been retaliation against President Alexander Lukashenko's propaganda campaign.
Ukrainian cyber defenders report that fast-acting Russian military intelligence hackers have been targeting government agencies as well as organizations in Poland using backdoor malware tied to phishing lures based on a fake letter from the Ukrainian deputy prime minister.
Microsoft has deactivated a tool designed to simplify the installation of Windows applications after hacking groups began exploiting the functionality to distribute malware loaders, leading to infections involving backdoors and ransomware.
Google reached a preliminary settlement in a class action lawsuit that alleged the tech giant had misled consumers about their privacy protections when using the private browsing Incognito mode of its Chrome web browser. The settlement came on the heels of a court ruling clearing the case for trial.
Albania's Parliament and a telecommunications service provider faced online attacks on Christmas day, according to the Albanian National Authority for Electronic Certification and Cyber Security. Iranian hackers called Homeland Justice have claimed responsibility for the latest wave of attacks.
Cyberspace aggression against Israel has intensified since the onset of war in the Gaza Strip, changing from online vandalism to attacks aimed at disruption and sowing fear, says Israel's cybersecurity agency. A prominent attack vector is phishing emails.
A Russian man accused by the U.S. of trafficking in a hacked database of online credentials will apparently evade American courts after the Russian government said it had succeeded in extraditing him. Russian prosecutors say Nikita Kislitsin faces charges related to an October 2022 hacking incident.
Google rolled out security updates Wednesday for its Chrome web browser to fix a critical vulnerability exploited in the wild. The zero-day vulnerability is a heap-based buffer overflow bug in the WebRTC framework that allows real-time communication between different browsers and devices.
U.S. authorities seized dark web infrastructure of the BlackCat ransomware-as-a-service group, also known as Alphv, although the Russian-speaking threat actor said it has reestablished operations. The group's data leak site and its Tox instant messaging account went offline Dec. 7.
The Idaho National Laboratory said hackers stole personal data of more than 45,000 individuals connected with the facility following a self-proclaimed hacktivist group's claims of a breach. The data theft stems from a Nov. 20 incident affecting the organization's off-site Oracle HCM HR system.
Hackers are using publicly disclosed proof-of-concept code to exploit a recently patched critical vulnerability found in the Apache Struts 2 Framework to achieve remote code execution. The Apache Foundation, which manages the Struts library, on Dec. 7 urged developers to apply a patch.
Ukraine's domestic security agency on Wednesday fingered Russian military hackers as being responsible for hacking Kyivstar, in a statement acknowledging damage to the telecom operator's digital infrastructure. Ukraine's top telecom operator was the target of a Tuesday cyberattack.
A threat actor with a history of sending Trojan-laced phishing emails targeted Ukrainian and Polish authorities with emails with the subject lines "judicial claims" and "debts," Ukrainian cyber defenders said Thursday. CERT-UA tracks the threat actor as UAC-0050.
A Russia-linked disinformation campaign known as Doppelgänger is employing advanced obfuscation techniques and likely deploying AI to generate content, say security researchers. Doppelgänger has been called Russia's "most aggressively persistent covert influence operation" since 2017.
Genetics testing firm 23andMe says hackers, in a credential-stuffing attack this fall, siphoned the ancestry data of 6.9 million individuals. 23andMe disclosed the attack on Oct. 1, stating the attackers had scraped the profiles of 23andMe users who opted in to the company's DNA Relatives feature.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.
