Security

Russia-state hackers exploited a weak password to compromise Microsoft’s corporate network and accessed emails and documents that belonged to senior executives and employees working in security and legal teams, Microsoft said late Friday.

The attack, which Microsoft attributed to a Kremlin-backed hacking group it tracks as Midnight Blizzard, is at least the second time in as many years that failures to follow basic security hygiene has resulted in a breach that has the potential to harm customers.

Security researcher Troy Hunt has updated his valuable Have I Been Pwned free data breach notification service with as many as 71 million email addresses linked to hacked accounts.

The hijacked details were leaked online as part of the Naz.API dataset, which is a collection of over one billion user credentials stolen in previous data breaches and by malware tools.

A report of an Apple GPU security flaw has been confirmed by the company, acknowledging that the iPhone 12 and M2 MacBook Air are affected.

An exploit has been demonstrated by security researchers, which would allow an attacker to view data processed by the chip, including the results of things like ChatGPT queries …

JPMorgan Chase, one of Wall Street’s top financial institutions, is currently grappling with an alarming increase in cyberattacks. The company reportedly faces up to 45 billion cyber intrusion attempts daily, illustrating the severity and frequency of threats that global financial firms now confront. This surge in cybercrime worldwide has placed institutions like JPMorgan Chase on the front lines, enforcing stringent security measures to safeguard sensitive financial information and uphold their system’s integrity.

UEFI firmware from five of the leading suppliers contains vulnerabilities that allow attackers with a toehold in a user's network to infect connected devices with malware that runs at the firmware level.

A Dutch engineer recruited by the country’s intelligence services used a water pump to deploy the now-infamous Stuxnet malware in an Iranian nuclear facility, according to a two-year investigation conducted by Dutch newspaper De Volkskrant.

Unknown threat actors are actively targeting two critical zero-day vulnerabilities that allow them to bypass two-factor authentication and execute malicious code inside networks that use a widely used virtual private network appliance sold by Ivanti, researchers said Wednesday.

The Democratic People’s Republic of Korea (DPRK) has reportedly stolen nearly $600 million in cryptocurrency in 2023.

Additionally, there have also been reports stating that the last final days of the year also had evidence of cyberattacks, which, if confirmed, could increase the toll to $700 million.

Researchers on Wednesday presented intriguing new findings surrounding an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky. Chief among the discoveries: the unknown attackers were able to achieve an unprecedented level of access by exploiting a vulnerability in an undocumented hardware feature that few if anyone outside of Apple and chip suppliers such as ARM Holdings knew of.

Apple's AirTags are meant to help you effortlessly find your keys or track your luggage. But the same features that make them easy to deploy and inconspicuous in your daily life have also allowed them to be abused as a sinister tracking tool that domestic abusers and criminals can use to stalk their targets.