Hacking, Security & Privacy News - Page 1

All the latest Hacking, Security & Privacy news with plenty of coverage on new data breaches and leaks, new hacks, ways to protect yourself online & plenty more.


Ticketmaster just got hacked exposing more than half a billion users

Jak Connor | Jun 1, 2024 2:32 AM CDT

A hacking group has claimed to have stolen an astonishing 500 million Ticketmaster customers' data, which includes a treasure trove of sensitive user data.


It was only last month Ticketmaster was slapped by the Department of Justice (DOJ), which filed an anti-trust lawsuit against Ticketmaster's parent company Live Nation Entertainment over its alleged monopoly on the entertainment industry. Now, Ticketmaster is reportedly suffering as a hacking group claimed to have stolen more than 500 million Ticketmaster customers' data in a recent attack, which the group is now turning around and attempting to sell for $500,000.

According to the hacker group, the treasure trove of stolen data is approximately 1.3 terabytes and contains various sensitive user information such as full names of Ticketmaster customers, their addresses, phone numbers, email addresses, order history and ticket purchase details. It doesn't stop there. The group also claims to have scraped customers' payment data, which includes names and the last four digits of the credit card numbers used at checkout on the ticketing service.


US authorities arrest administrator behind 'likely world's largest botnet ever'

Jak Connor | May 31, 2024 10:01 PM CDT

United States authorities announced they have arrested the administrator behind what is likely the world's largest botnet, which included more than 19 million compromised Windows machines across multiple countries.


The description of the world's largest botnet comes from FBI director Christopher Wray, who said the botnet was used to gather millions of dollars from people over the last 10 years. More specifically, the FBI director said to the Justice Department that an international cyber operation was conducted to identify the alleged administrator of the botnet known as "911 S5", who was found to be the individual Yunhe Wang. Wang was arrested and US authorities "seized infrastructure and assets, and levied sanctions against Wang and his co-conspirators," said Wray.

The infection of this botnet was truly global, with US officials writing the 911 S5 Botnet had infected PCs in nearly 200 countries and "facilitated a whole host of computer-enabled crimes, including financial frauds, identity theft, and child exploitation." Moreover, the US Treasury wrote in its announcement Wang didn't act alone in the venture, and named two more alleged perpetrators, Jingping Liu and Yanni Zheng. In total, the US authorities believe the botnet netted Wang and others involved $99 million.


College students discover security flaw that could let millions do laundry for free

Jak Connor | May 20, 2024 4:32 AM CDT

Two college students discovered a security exploit within the API of a washing machine that is currently in use across several countries.


Alexander Sherbrooke and Iakov Taranenko discovered the security flaw within the API created by the company behind the washing machines, CSC ServiceWorks. The two students claim the vulnerability within the internet-connected API enabled them to remotely turn a machine on without payment, and update their laundry account to display millions of dollars. Reports indicate that CSC ServiceWorks has more than a million machines across college campuses, housing communities, and laundromats in the US, Canada, and Europe.

The two college students contacted CSC ServiceWorks about the security flaw and didn't receive a response from the company, but noticed shortly after their laundry account balance was changed from millions of dollars back to $0. The two students spoke to The Verge and said the lack of response from CSC ServiceWorks led them to tell other people about the vulnerability, which resulted in the posting of the list of commands that enables anyone to access CSC's network-connected laundry machines.


How to Stay Safe from Cybercrime While Traveling Abroad

Kosta Andreadis | May 9, 2024 6:27 AM CDT

Traveling to a new country for work, leisure, or vacation can be as exciting as it can be daunting. You want to make the most of your time abroad, so everything from flights to accommodation to sites to see and food and beverages to consume happens online. However, at any point, do you stop and take a moment to consider cyberattacks and cybersecurity when traveling or planning a trip?


The answer should be yes because cybercrime is as much of a threat as physical crime, especially when going on holiday or traveling to a new country.

According to ExpressVPN, a recent survey showed that 7% of travelers experienced some form of hacking or fell victim to a digital scam while traveling. This figure wasn't far off the 10% that experienced physical crime in the form of hotel room theft or pickpocketing.


FBI confirms Chinese hackers have infested US water and energy systems

Jak Connor | Apr 19, 2024 10:46 AM CDT

FBI director Christopher Wray has said that a Chinese hacking group has infiltrated critical infrastructure systems in the US and is simply waiting for the right moment to strike.


Wray revealed the news at the Vanderbilt Summit on Modern Conflict and Emerging Threats and said the group behind the attacks is called Volt Typhoon, and they have infested systems that are dedicated to controlling water, energy, and telecommunications. More specifically, Volt Typhoon has gained access to 23 pipeline operators, and according to the FBI director, China is developing the "ability to physically wreak havoc on our critical infrastructure at a time of its choosing."

Wray says China's plan is to attack critical civilian infrastructure to induce panic among the population. "Its plan is to land low blows against civilian infrastructure to try to induce panic," said Wray. Additionally, the FBI director said it was difficult to determine if these hacks are part of China's overall intention to push the US away from defending Taiwan.


US government blames Microsoft for hackers stealing federal email accounts

Jak Connor | Apr 12, 2024 12:38 AM CDT

Microsoft announced early last month that on January 12, 2024, it detected a security breach in its corporate email systems, which was traced back to the notorious hacking group Midnight Blizzard.


The hacking group is known to be a Russian government-backed group that also goes by the name Nobelium, and the attack on Microsoft servers resulted in the group gaining access to federal government emails. Now, the US Cybersecurity and Infrastructure Security Agency (CISA), the cybersecurity arm of the US government, has confirmed via a statement published on Thursday that federal government emails were stolen "through a successful compromise of Microsoft corporate email accounts."

"Midnight Blizzard's successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies," said CISA.


Apple sends threat notification to users about state-of-the-art spyware attacks

Jak Connor | Apr 11, 2024 12:53 AM CDT

Apple has issued a threat notification to users in 92 countries, warning them that they may have been an individual target of mercenary spyware attacks.


The company took to its support blog to explain that its threat notifications are designed to inform users they may have been individually targeted by mercenary spyware attacks because of who they are or what they do. Notably, Apple states these attacks are "vastly more complex than regular cybercriminal activity and consumer malware" as mercenary spyware groups have "exceptional resources," and they target a small number of specific individuals and their devices.

Additionally, Apple says these mercenary groups apply "millions of dollars" to their hacking ventures, and they only have a "short shelf life," which makes them very hard to detect/prevent. Apple says that historically, these attacks can be traced back to state-sponsored groups or private companies performing the attacks on behalf of the state, and since 2021, the company has notified users in over 150 countries.


Microsoft fixes a record-breaking number of security vulnerabilities

Jak Connor | Apr 11, 2024 12:01 AM CDT

Microsoft has fixed a record number of security vulnerabilities in an April 9, 2024 update that the company has classified as critical.


The 147 security vulnerabilities have now been fixed, with three of them being in Microsoft Defender for IoT, and all but two of them considered "high risk". The company says that none of the security vulnerabilities have been exploited, and it hasn't provided any details on the vulnerabilities themselves.

According to reports, the large number of vulnerabilities now patched is in response to a number of Remote Code Execution (RCE) exploits found in the OLE DB driver for SQL Server (38), DHCP and DNS servers (9), and SFB vulnerabilities within Secure Boot (24).


Google paid $10 million to people finding issues with its products in 2023

Jak Connor | Mar 13, 2024 5:45 AM CDT

Google has taken to its blog to share a 2023 Year in Review for its Vulnerability Reward Program, a community-driven security effort that Google pays decent money for.


Google has rewarded 632 security researchers from 68 different countries with $10 million for all of the bugs discovered in the company's products such as Android and Google-powered devices. Notably, the maximum payout per issue was $15,000, and the biggest payout for a vulnerability report throughout 2023 was $113,337. During 2023, generative AI platforms such as Gemini were added to the Vulnerability Reward Program, and throughout the year 35 reports were paid out for a total of $87,000.

More specifically, Google writes that for Android and Google's own devices it paid out $3.4 million for bugs discovered, with bugs found in its Wear OS and Android Automotive operating systems generating $70,000 across 20 critical bug discoveries. Google Chrome security researchers earned a hefty chunk of money, pulling in $2.1 million for 359 vulnerability reports. If you are interested in reading more about this story, check out Google's blog post.


Microsoft responds to 'holy grail' of Windows vulnerabilities

Jak Connor | Mar 11, 2024 12:56 AM CDT

Microsoft has finally addressed what has been described as the "holy grail" of Windows security vulnerabilities after being informed about it six months ago.


Cybersecurity researchers from Avast informed Microsoft of the "holy grail" of security vulnerabilities in Windows that was used by the North Korean hackers Lazarus Group. The rootkit vulnerability was an admin-to-kernel exploit that was associated with a driver for AppLocker, the software-whitelisting app built into Windows. Notably, the vulnerability was discovered in the input/output dispatcher of appid.sys.

"A user-space attacker could abuse it to essentially trick the kernel into calling an arbitrary pointer. This presented an ideal exploitation scenario, allowing the attacker to call an arbitrary kernel function with a high degree of control over the first argument," said Avast.
