The Idaho National Laboratory said hackers stole personal data of more than 45,000 individuals connected with the facility following a self-proclaimed hacktivist group's claims of a breach. The data theft stems from a Nov. 20 incident affecting the organization's off-site Oracle HCM HR system.
Hackers are using publicly disclosed proof-of-concept code to exploit a recently patched critical vulnerability found in the Apache Struts 2 Framework to achieve remote code execution. The Apache Foundation, which manages the Struts library, on Dec. 7 urged developers to apply a patch.
Ukraine's domestic security agency on Wednesday fingered Russian military hackers as being responsible for hacking Kyivstar, in a statement acknowledging damage to the telecom operator's digital infrastructure. Ukraine's top telecom operator was the target of a Tuesday cyberattack.
A threat actor with a history of sending Trojan-laced phishing emails targeted Ukrainian and Polish authorities with emails with the subject lines "judicial claims" and "debts," Ukrainian cyber defenders said Thursday. CERT-UA tracks the threat actor as UAC-0050.
A Russia-linked disinformation campaign known as Doppelgänger is employing advanced obfuscation techniques and likely deploying AI to generate content, say security researchers. Doppelgänger has been called Russia's "most aggressively persistent covert influence operation" since 2017.
Genetics testing firm 23andMe says hackers, in a credential-stuffing attack this fall, siphoned the ancestry data of 6.9 million individuals. 23andMe disclosed the attack on Oct. 1, stating the attackers had scraped the profiles of 23andMe users who opted in to the company's DNA Relatives feature.
Operators of a new ransomware strain dubbed Cactus are using critical vulnerabilities in a data analytics platform to gain access to corporate networks. Cactus ransomware operators are also getting an assist from deploying Danabot malware that is distributed through malvertising.
This week, a KyberSwap hacker demanded total control, the U.S. Treasury called for additional tools to sanction crypto baddies, the Aerodrome and Velodrome DeFi platforms' front ends were hacked, a scam-as-a-service wallet drainer shut down, Indexed Finance thwarted hijacking attempts, and more.
Identity and authentication giant Okta said the attacker behind its September data breach stole usernames and contact details for all users of its primary customer support system and warned customers to beware potential follow-on phishing and social engineering attacks.
A cyber incident that incapacitated four major Australian ports for days also resulted in the theft by hackers of employee data, the port operator said Tuesday. Hackers obtained personal information of current and former employees of DP World Australia in an incident first detected on Nov. 10.
Police have arrested a group of criminals in Ukraine, including their alleged ringleader, who they suspect launched ransomware attacks against organizations across 71 countries, amassing at least 1,800 victims, from which they demanded ransoms collectively worth hundreds of millions of dollars.
Mobile banking Trojans spread through deceptive social media messages remain a problem for Indian smartphone users, warns Microsoft. India accounts for 4 in 10 global transactions made with digital payments, according to the National Payments Corporation of India.
A hacking group linked to Russian domestic intelligence and known as Gamaredon is deploying a worm dubbed "LitterDrifter" that is spread through thumb drives to attack Ukrainian organizations. LitterDrifter has two functions: automatic propagation and communication with command-and-control servers.
An Israeli private eye faces nearly seven years in U.S. prison after admitting he had overseen a hacking campaign against climate change activists. A Manhattan federal judge on Thursday sentenced Aviram Azari to 80 months in prison after he pleaded guilty in April 2022.
Russian state hackers targeted European embassies and international organizations in espionage attacks exploiting a recently patched vulnerability in a popular Windows utility for archiving files, say Ukrainian government cybersecurity researchers.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.