Tag Archive for: Reportedly

Hackers reportedly breach thousands of Gen Digital customer accounts


Hackers have breached the accounts of about 6,450 Gen Digital Inc. customers, TechCrunch reported on Sunday.

Gen Digital Inc. is a publicly traded maker of antivirus software for consumers. The company was formed last September through the merger of cybersecurity providers Norton LifeLock Inc. and Avast plc. Besides antivirus software, Gen Digital also sells other cybersecurity products including a password manager and a virtual private network tool. 

Reports that some Gen Digital customer accounts had been breached first emerged on Friday. The next day, the company told Bleeping Computer in a statement that it has “secured 925,000 inactive and active accounts that may have been targeted” by hackers. Late on Sunday, TechCrunch reported that 6,450 customers’ accounts were breached.

Gen Digital believes that the hackers may have accessed the names, phone numbers and mailing addresses of affected customers. The company also determined that the breach may have compromised some user data stored in its Norton Password Manager tool. According to Gen Digital, it’s possible the hackers accessed the login credentials that affected customers kept in Norton Password Manager.

Gen Digital said in a statement that its systems were not compromised in the breach. According to the antivirus maker, the hackers gained access to customer accounts through a credential-stuffing attack. That’s a type of cyberattack in which hackers use login credentials stolen from one company to compromise the customers of another.

“Systems have not been compromised, and they are safe and operational, but as is all too commonplace in today’s world for bad actors to take credentials found elsewhere, like the dark web, and create automated attacks to gain access to other unrelated accounts,” a company spokesperson told Bleeping Computer. 

Gen Digital first identified the breach on Dec. 12 after detecting a large number of failed login attempts that targeted its customers’ accounts. The company has determined that the hackers began accessing customer accounts as early as Dec. 1.

After detecting the breach, Gen Digital notified affected customers and reset their passwords. The company says that…


North Korea Reportedly Exploited Itaewon Tragedy in Hacking Attempt


Seoul, South Korea – North Korean hackers exploited public interest in October’s tragic Itaewon crowd surge to target South Koreans with malware, Google cybersecurity researchers said Wednesday.

The North Korean hackers distributed a corrupted Microsoft Word document that appeared to be an official press release from South Korea’s Ministry of Interior and Safety, according to a blog post by Google’s Threat Analysis Group, which focuses on government-backed cyber-attacks.

Once opened, the document would download another file that would attempt to deploy malware onto the user’s device.

The document exploited a weakness in the Internet Explorer web browser, a flaw known as a zero-day vulnerability, the Google blog post said. In a zero-day attack, hackers exploit such unidentified flaws to gain access to a computer system.

‘We attribute this activity to a group of North Korean government-backed actors known as APT37,’ Google added, saying the group has previously carried out similar attacks.

At least 158 people died in the crowd surge, which occurred when Halloween partygoers became stuck in a narrow alley in Seoul’s Itaewon neighborhood on October 29.

A man bows in the middle of the scene of a deadly accident following Saturday night's Halloween festivities in Seoul, South Korea, Monday, Oct. 31, 2022.


North Korea’s government never offered condolences in the incident. Instead, North Korea fired an unprecedented barrage of missiles, including some that landed near South Korea’s coast, during the South’s period of national mourning.

FILE - A man watches a television showing a news broadcast with file footage of a North Korean missile test, at a railway station in Seoul on Nov. 18, 2022.


Google did not specify how the North Korean hackers distributed the corrupted document, who received it or how many devices may have been affected.

Google said it became aware of the North Korean malware in late October after multiple users from South Korea uploaded the document to the company’s VirusTotal tool, which analyzes suspicious files.

Within hours of discovering the hacking attempt, Google reported it to Microsoft, which sent out security updates about a week later to protect users from the attack, Google said.

‘This is not the first time APT37 has used Internet Explorer 0-day exploits to target users,’ Google said. ‘The group has historically focused their targeting on South…


A radio telescope in China reportedly discovers a possible alien signal


Humans have invented a rogue’s gallery of nightmarish fictional aliens over the decades: acid-blooded xenomorphs who want to eat us and lay their eggs in our chest cavities; Twilight Zone Kanamits who want to fatten us up like cows and eat us; those lizard creatures in the 1980s miniseries V who want to harvest us for food. (You may be sensing a theme here.)

But the most frightening vision isn’t an alien being at all — it’s a computer program.

In the 1961 sci-fi drama A for Andromeda, written by the British cosmologist Fred Hoyle, a group of scientists running a radio telescope receive a signal originating from the Andromeda Nebula in outer space. They realize the message contains blueprints for the development of a highly advanced computer that generates a living organism called Andromeda.

Andromeda is quickly co-opted by the military for its technological skills, but the scientists discover that its true purpose — and that of the computer and the original signal from space — is to subjugate humanity and prepare the way for alien colonization.

No one gets eaten in A for Andromeda, but it’s chilling precisely because it outlines a scenario that some scientists believe could represent a real existential threat from outer space, one that takes advantage of the very curiosity that leads us to look to the stars. If highly advanced aliens really wanted to conquer Earth, the most effective way likely wouldn’t be through fleets of warships crossing the stellar vastness. It would be through information that could be sent far faster. Call it “cosmic malware.”

Phoning ET

To discuss the possibility of alien life seriously is to embark upon an uncharted sea of hypotheses. Personally, I fall on the Agent Scully end of the alien believer spectrum. The revelation of intelligent extraterrestrials would be an extraordinary event, and as SETI pioneer Carl Sagan himself once said, “extraordinary claims require extraordinary evidence.”

Intelligent extraterrestrials who also want to hack our planet would be even more extraordinary. But this scenario became a bit easier to envision this week.

On Wednesday, a story published in China’s state-backed Science and…


Hackers Reportedly Gain Access to Drug Enforcement Administration Data Portal


It’s thought hackers have managed to compromise a data portal run by the US Drug Enforcement Administration (DEA), unlocking access to a wealth of information.

As cybersecurity journalist Brian Krebs reports, the breach would have allowed the attackers to prowl through 16 federal law enforcement databases covering a wide variety of investigative data. How did this happen? A failure to implement multi-factor authentication seems to be a key cause.

Krebs wrote that he’s learned “the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.”

He said a tip for this story came from an unnamed administrator at Doxbin—“a highly toxic online community that provides a forum for digging up personal information on people and posting it publicly.” Krebs further noted that this unauthorized access could be abused to upload fake data about suspects, citing commentary from Nicholas Weaver, a researcher at the University of California at Berkeley’s International Computer Science Institute.

False tips have often been used to initiate “swatting” attacks, in which hoax reports about crimes in progress lead to police swarming a residence with heavily armed SWAT teams. The target–or a random bystander–can wind up dead in the process. 

Unfortunately, Krebs has personal experience with that scenario. In 2013, Fairfax County, Va., police showed up at his door, guns drawn, after getting a phony tip that Russians had broken in and shot his wife. The perpetrator was caught after participating in an online forum clandestinely run by the FBI, and was subsequently sentenced in 2016.

The login page for the DEA’s El Paso Intelligence Center (yes, EPIC) invites users to log in with a government-issued Personal Identity Verification card, but also allows traditional username and password access. The source Krebs spoke to told him that “the hacker who obtained this illicit access was able to log in using the stolen credentials alone, and that at no time did the portal prompt for a second authentication factor.”

That would be a serious security risk for a webmail…
