Earlier this year, we reported on how a former employee said #Microsoft dismissed his warnings about a critical flaw because it feared losing #government business. #Russian hackers later used the weakness to breach the National Nuclear Security Administration, among others.

https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers

#Tech #News #Cybersecurity #Hacking #Data #Technology

"A lawyer who was allegedly hacked with government-grade spyware made by the infamous surveillance tech maker NSO Group has filed a complaint in court against two of the company’s founders and one executive. It appears to be the first attempt to hold the people behind a spyware company accountable for hacking crimes, rather than just the company itself.

On Wednesday, the Barcelona-based human rights nonprofit Iridia announced that it had filed a complaint in a Catalan court earlier this week accusing NSO’s founders Omri Lavie and Shalev Hulio, as well as Yuval Somekh, an executive of two affiliate companies, of hacking crimes.

Iridia represents lawyer Andreu Van den Eynde, an attorney and university professor who specializes in cybersecurity. According to a 2022 investigation by Citizen Lab, a nonprofit that has been investigating government spyware for more than a decade, Van den Eynde was among the victims of a wide-ranging hacking campaign against at least 65 Catalans linked to the region’s attempts to become independent from Spain, which was carried out using NSO’s Pegasus software. Amnesty International independently confirmed Citizen Lab’s findings."

https://techcrunch.com/2024/11/13/lawyer-allegedly-hacked-with-spyware-names-nso-founders-in-lawsuit/

#CyberSecurity #NSOGroup #Pegasus #Spyware #Spain #Hacking

"On Monday Amazon confirmed a breach of employee data which was published on a crime-focused forum, according to a statement from Amazon to 404 Media.

The data includes the employees’ name, work contact information, and what location they work at, and has more than 2.8 million lines of data, according to the post on Breach Forums. The post says the source of the data was MOVEit, which is suite of cloud data management tools.

“Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about [a] security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations,” an Amazon spokesperson told 404 Media in an email."

https://www.404media.co/amazon-confirms-breach-of-employee-data/

#Amazon #DataBreach #DataProtection #Privacy #Hacking #CyberSecurity

A cyberattack on payment systems blocked cards readers across stores and gas stations in #Israel
https://securityaffairs.com/170823/hacking/cyberattack-payment-systems-israel.html
#securityaffairs #hacking #iphone

"The FBI is warning that hackers are obtaining private user information — including emails and phone numbers — from U.S.-based tech companies by compromising government and police email addresses to submit “emergency” data requests.

The FBI’s public notice filed this week is a rare admission from the federal government about the threat from fraudulent emergency data requests, a legal process designed to help police and federal authorities obtain information from companies to respond to immediate threats affecting someone’s life or property. The abuse of emergency data requests is not new, and has been widely reported in recent years. Now, the FBI warns that it saw an “uptick” around August in criminal posts online advertising access to or conducting fraudulent emergency data requests, and that it was going public for awareness.

“Cyber-criminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes,” reads the FBI’s advisory."

https://techcrunch.com/2024/11/08/fbi-says-hackers-are-sending-fraudulent-police-data-requests-to-tech-giants-to-steal-peoples-private-information/

#USA #CyberSecurity #FBI #Hacking #Privacy #DataProtection #DataBreaches

Checking your own phone for signs of compromise is easy using Amnesty International Security Lab's Mobile Verification Toolkit. Here's how iPhone users can do it now:

https://scidsg.medium.com/how-to-check-your-iphone-for-pegasus-338bafb2358e

#threatmodel #security #iPhone #hacking #phishing #amnesty #journalism #opensource #press #law

"AT&T. Ticketmaster. Santander Bank. Neiman Marcus. Electronic Arts. These were not entirely isolated incidents. Instead, they were all hacked thanks to “infostealers,” a type of malware that is designed to pillage passwords and cookies stored in the victim’s browser. In turn, infostealers have given birth to a complex ecosystem that has been allowed to grow in the shadows and where criminals fulfill different roles. There are Russian malware coders continually updating their code; teams of professionals who use glitzy advertising to hire contractors to spread the malware across YouTube, TikTok, or GitHub; and English-speaking teenagers on the other side of the world who then use the harvested credentials to break into corporations. At the end of October, a collaboration of law enforcement agencies announced an operation against two of the world’s most prevalent stealers. But the market has been able to grow and mature so much that now law enforcement action against even one part of it is unlikely to make any lasting dent in the spread of infostealers.

Based on interviews with malware developers, hackers who use the stolen credentials, and a review of manuals that tell new recruits how to spread the malware, 404 Media has mapped out this industry. Its end result is that a download of an innocent-looking piece of software by a single person can lead to a data breach at a multibillion-dollar company, putting Google and other tech giants in an ever-escalating cat-and-mouse game with the malware developers to keep people and companies safe."

https://www.wired.com/story/inside-the-massive-crime-industry-thats-hacking-billion-dollar-companies/

#CyberSecurity #CyberCrime #Hacking #Malware #InfoStealers #DataBreaches

"A man in Canada who is suspected of being the hacker behind this year’s wave of Snowflake-related breaches has been arrested.

The news comes after months of high profile data breaches, including AT&T, Ticketmaster, and LendingTree. In all, the hacker, who uses the nicknames Judische and Waifu, is linked to more than 165 Snowflake instance breaches. The arrest also comes after 404 Media reported that the walls were closing in on the hacker, with cybersecurity researchers gathering valuable information on the suspect and coordinating with international law enforcement.

Messages sent by 404 Media to Judische over the last week have gone undelivered, with 404 Media last speaking to them on October 27. In mid-October, Judsiche told 404 Media they were worried that they would be arrested soon. “I've destroyed a lot of evidence and well poisoned the stuff I can't destroy so when/if it does happen it's just conspiracy which I can bond out and beat,” they claimed."

https://www.404media.co/suspected-snowflake-hacker-arrested-in-canada/

#CyberSecurity #DataBreaches #Hacking #CyberCrime #Snowflake #Canada

A massive hacking scandal that has engulfed Italy is now threatening to spill beyond its borders, sucking in Israel, the Vatican, the United Kingdom and Lithuania. https://www.politico.eu/article/vatican-israel-italian-hacking-scandal-uk-lithuania-equalize/ #italy #vatican #israel #hacking #infosec

#Mozilla issued an urgent #Firefox update to fix an actively exploited flaw
https://securityaffairs.com/169590/security/mozilla-firefox-actively-exploited-flaw.html
#securityaffairs #hacking

So ...let's face it. A LOT of folks in tech circles are somewhat amazed a fully #blind person can even find the power button on a computer, let alone operate it professionally. I am such a person, and I'd like to bust that myth.
It's also true that many #hacking tools, platforms, courses etc. could use some help in the #accessibility department. It's a neverending vicious circle.
Enter my new twitch channel, IC_null. On this channel, I will be streaming #programming and #hacking content including THM, HTB and who knows what else, from the perspective of a #screenReader user.
What I need, is an audience. If this is something you reckon you or anybody you know might be interested in, drop the channel a follow or share this post. Gimme that #infoSec Mastodon sense of comradery and help me out to make this idea an actual thing :) https://twitch.tv/ic_null #tryHackMe #streamer #selfPromo

It's the off-season for #cycling , so I did some measurements for a hub #dynamo and published them on my #blog.

No one on the 'net seems to show how voltage changes depending on load, so I measured that.

Results:
- a dynamo is not a actually well modeled as a current source
- voltage spikes will fry your #electronics , but you can prevent it

https://dorotac.eu/posts/dynamo/

#hacking #BikeTooter #cycling

Taylor Swift: Ticketek accounts hacked as ‘thousands’ of Australian fans fear for tickets before Eras tour https://www.theguardian.com/music/2024/feb/13/taylor-swift-eras-tour-australia-ticketek-pop-ups-details-locations-scam-help #Swift #infosec #hacking