はてなブックマーク

HomeNewsSecurityInternet Archive hacked, data breach impacts 31 million users Updates added at end of the article. Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. News of the breach began circulating Wednesday afternoon after visitors to archive.org began

HomeNewsSecurityGoogle removes Kaspersky's antivirus software from Play Store Over the weekend, Google removed Kaspersky's Android security apps from the Google Play store and disabled the Russian company's developer accounts. Users have been reporting over the last week that Kaspersky's products (including Kaspersky Endpoint Security and VPN & Antivirus by Kaspersky) are no longer available on Go

HomeNewsSecurityFortinet confirms data breach after hacker claims to steal 440GB of files Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company's Microsoft Sharepoint server. Fortinet is one of the largest cybersecurity companies in the world, selling secure networking products like firewalls, routers, and VPN dev

Toyota confirmed that customer data was exposed in a third-party data breach after a threat actor leaked an archive of 240GB of stolen data on a hacking forum. "We are aware of the situation. The issue is limited in scope and is not a system wide issue," Toyota told BleepingComputer when asked to validate the threat actor's claims. The company added that it's "engaged with those who are impacted a

HomeNewsMicrosoftWindows 11 taskbar has a hidden "End Task" feature, how to turn it on Microsoft has added a new feature to Windows 11 that allows you to end tasks directly from the taskbar, but it's turned off by default. While Windows has had a 'Close Window' option when right-clicking on a taskbar icon, it would only close the particular Window associated with the right-clicked icon. If that pr

HomeNewsSecurityHackers abused API to verify millions of Authy MFA phone numbers Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks. Authy is a mobile app that generates multi-factor authentication codes at websites w

HomeNewsSecurityMalicious VSCode extensions with millions of installs discovered A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of insta

HomeNewsSecurityNSA warns of North Korean hackers exploiting weak DMARC email policies The NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication Reporting and Conformance (DMARC) policies to mask spearphishing attacks. Together with the U.S. State Department, the two agencies cautioned that the attackers abuse misconfigured DMARC

Japanese police placed fake payment cards in convenience stores to protect the elderly targeted by tech support scams or unpaid money fraud. The cards are labeled "Virus Trojan Horse Removal Payment Card" and "Unpaid Bill Late Fee Payment Card," and were created by the Echizen Police in the Fukui prefecture in Japan as an alert mechanism. Their purpose is to warn elder victims seeking payment card

Cloudflare disclosed today that its internal Atlassian server was breached by a suspected 'nation state attacker' who accessed its Confluence wiki, Jira bug database, and Bitbucket source code management system. The threat actor first gained access to Cloudflare's self-hosted Atlassian server on November 14 and then accessed the company's Confluence and Jira systems following a reconnaissance stag

HomeNewsSecurityIsrael warns of BiBi wiper attacks targeting Linux and Windows Data-wiping attacks are becoming more frequent on Israeli computers as researchers discovered variants of the BiBi malware family that destroys data on both Linux and Windows systems. Over the weekend, Israel's CERT published an alert with rules that could help organizations identify or prevent the threat actors' activi

1Password, a popular password management platform used by over 100,000 businesses, suffered a security incident after hackers gained access to its Okta ID management tenant. "We detected suspicious activity on our Okta instance related to their Support System incident. After a thorough investigation, we concluded that no 1Password user data was accessed," reads a very brief security incident notif

HomeNewsSecurityOkta says its support system was breached using stolen credentials ​Update October 20, 16:15 EDT: Added BeyondTrust incident details. Update October 20, 18:59 EDT: Added Cloudflare incident details. Okta says attackers accessed files containing cookies and session tokens uploaded by customers to its support management system after breaching it using stolen credentials. "The threat

HomeNewsSecurityEvilProxy uses indeed.com open redirect for Microsoft 365 phishing A recently uncovered phishing campaign is targeting Microsoft 365 accounts of key executives in U.S.-based organizations by abusing open redirects from the Indeed employment website for job listings. The threat actor is using the EvilProxy phishing service that can collect session cookies, which can be used to bypas

A new Linux vulnerability, known as 'Looney Tunables' and tracked as CVE-2023-4911, enables local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library's ld.so dynamic loader. The GNU C Library (glibc) is the GNU system's C library and is in most Linux kernel-based systems. It provides essential functionality, including system calls like open, malloc, prin

A stream of malicious npm and PyPi packages have been found stealing a wide range of sensitive data from software developers on the platforms. The campaign started on September 12, 2023, and was first discovered by Sonatype, whose analysts unearthed 14 malicious packages on npm. Phylum reports that after a brief operational hiatus on September 16 and 17, the attack has resumed and expanded to the

HomeNewsSecuritySignal adds quantum-resistant encryption to its E2EE messaging protocol Signal has announced that it upgraded its end-to-end communication protocol to use quantum-resistant encryption keys to protect users from future attacks. Quantum computers that use qubits (superpositions of 0 and 1) have the potential to be much more powerful and faster than current systems, allowing them to p

HomeNewsSecurityHackers exploit critical Juniper RCE bug chain after PoC release Hackers are using a critical exploit chain to target Juniper EX switches and SRX firewalls via their Internet-exposed J-Web configuration interface. Successful exploitation enables unauthenticated attackers to remotely execute code on unpatched devices. "With a specific request that doesn't require authentication an a

HomeNewsSecurityScraped data of 2.6 million Duolingo users released on hacking forum The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information. Duolingo is one of the largest language learning sites in the world, with over 74 million monthly users worldwide. In January 2023, someone was se

HomeNewsSecurityMillions of GitHub repos likely vulnerable to RepoJacking, researchers say Millions of GitHub repos likely vulnerable to RepoJacking, researchers say Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as "RepoJacking," which could help attackers deploy supply chain attacks impacting a large number of users. The warning comes from AquaSe

Cybersecurity researchers and IT admins have raised concerns over Google's new ZIP and MOV Internet domains, warning that threat actors could use them for phishing attacks and malware delivery. Earlier this month, Google introduced eight new top-level domains (TLD) that could be purchased for hosting websites or email addresses. The new domains are .dad, .esq, .prof, .phd, .nexus, .foo, and for th

The LockBit ransomware gang has created encryptors targeting Macs for the first time, likely becoming the first major ransomware operation to ever specifically target macOS. The new ransomware encryptors were discovered by cybersecurity researcher MalwareHunterTeam who found a ZIP archive on VirusTotal that contained what appears to be most of the available LockBit encryptors. Historically, the Lo

HomeNewsSecurityNew MacStealer macOS malware steals passwords from iCloud Keychain A new info-stealing malware named MacStealer is targeting Mac users, stealing their credentials stored in the iCloud KeyChain and web browsers, cryptocurrency wallets, and potentially sensitive files. MacStealer is being distributed as a malware-as-a-service (MaaS), where the developer sells premade builds for $100,

HomeNewsMicrosoftWindows 11 Snipping Tool privacy bug exposes cropped image content A severe privacy flaw named 'acropalypse' has also been found to affect the Windows Snipping Tool, allowing people to partially recover content that was edited out of an image. Last week, security researchers David Buchanan and Simon Aarons discovered that a bug in Google Pixel's Markup Tool caused the original ima

HomeNewsSecurityHow to prevent Microsoft OneNote files from infecting Windows with malware The seemingly innocuous Microsoft OneNote file has become a popular file format used by hackers to spread malware and breach corporate networks. Here's how to block malicious OneNote phishing attachments from infecting Windows. To give a little background on how we got to Microsoft OneNote files becoming the