Security

At a location he keeps secret, John Honovich was on his laptop, methodically scouring every link on a website for a conference half a world away. Hikvision, the world’s largest security camera manufacturer, was hosting the event—the 2018 AI Cloud World Summit—in its hometown of Hangzhou, a city of about 10 million people not far from Shanghai. Honovich, the founder of a small trade publication that covered video surveillance technology, wanted to find out what the latest Hikvision gear could do.

As the role of cyber operations in international statecraft continues to grow, the United Kingdom’s National Cyber Force (NCF) has published a paper arguing that its activities are fundamentally different from those of its adversaries.

In contrast to the “reckless” cyberattacks which U.K. says Russia and China have engaged in — namely the destructive NotPetya and Microsoft Exchange operations — Britain’s offensive hacking activities are designed to be “accountable,” “precise,” and “calibrated,” the NCF explained.

Multiple threat actors—one working on behalf of a nation-state—gained access to the network of a US federal agency by exploiting a four-year-old vulnerability that remained unpatched, the US government warned.

Exploit activities by one group likely began in August 2021 and last August by the other, according to an advisory jointly published by the Cybersecurity and Infrastructure Security Agency, the FBI, and the Multi-State Information Sharing and Analysis Center. From last November to early January, the server exhibited signs of compromise.

GoDaddy said on Friday that its network suffered a multi-year security compromise that allowed unknown attackers to steal company source code, customer and employee login credentials, and install malware that redirected customer websites to malicious sites.

Over 600,000 “rows of private data” from the Penang government’s official website have allegedly been stolen and uploaded onto the internet.

The data was uploaded to a forum known as BreachForums by a user with the handle “LeakBase” on Jan 18, who said it was available for download.

According to Reddit, it "became aware of a sophisticated phishing campaign" late on February 5, 2023, that attempted to steal credentials and two-factor authentication tokens. 

A hacker is offering data from some 400 million Twitter accounts for sale that is said to have been scraped via an application programming interface vulnerability.

Linux has issued an update to address a kernel-level security vulnerability that affected server message block (SMB) servers.

The remote code execution (RCE) flaw allowed unauthenticated users to execute kernel-level code and received the maximum possible severity rating on the common vulnerability reporting system (CVSS). Most businesses and enterprise users are believed to be safe from any potential exploitation given that the vulnerability only affected the lesser-used KSMBD module rather than the more popular Samba suite.

Researchers recently discovered a Windows code-execution vulnerability that has the potential to rival EternalBlue, the name of a different Windows security flaw used to detonate WannaCry, the ransomware that shut down computer networks across the world in 2017.

Uber Technologies Inc. has suffered yet another data breach, with a hacker sharing the stolen data on BreachForums, the successor forum for the now-shuttered RaidForums.

The unimaginative hacker goes by the name of “UberLeak” with a post on BreachForums that reads “hacked by autistic fisherman Arion and scammed all LAPSUS$ members.” Lapsus$ is an infamous hacking group, but aside from the forum post, there is no indication of any link to the group.