#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

data breach | Breaking Cybersecurity News | The Hacker News

Category — data breach
AT&T Confirms Data Breach Affecting Nearly All Wireless Customers

AT&T Confirms Data Breach Affecting Nearly All Wireless Customers

Jul 13, 2024 Data Breach / Network Security
American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its wireless customers as well as customers of mobile virtual network operators (MVNOs) using AT&T's wireless network. "Threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform and, between April 14 and April 25, 2024, exfiltrated files containing AT&T records of customer call and text interactions that occurred between approximately May 1 and October 31, 2022, as well as on January 2, 2023," it said . This comprises telephone numbers with which an AT&T or MVNO wireless number interacted – including telephone numbers of AT&T landline customers and customers of other carriers, counts of those interactions, and aggregate call duration for a day or month. A subset of these records also contained one or more cell site identification numbers , potentially allowing the threat actors to triang...
New Ransomware Group Exploiting Veeam Backup Software Vulnerability

New Ransomware Group Exploiting Veeam Backup Software Vulnerability

Jul 10, 2024 Data Breach / Malware
A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious activities. Initial access to the target environment is said to have been facilitated by means of a Fortinet FortiGate firewall SSL VPN appliance using a dormant account. "The threat actor pivoted laterally from the FortiGate Firewall through the SSL VPN service to access the failover server," security researcher Yeo Zi Wei said in an analysis published today. "Before the ransomware attack, there were VPN brute-force attempts noted in April 2024 using a dormant account identified as 'Acc1.' Several days later, a successful VPN login using 'Acc1' was traced back to the remote IP address 149.28.106[.]25...
Protecting Your Software Supply Chain: Assessing the Risks Before Deployment

Protecting Your Software Supply Chain: Assessing the Risks Before Deployment

Feb 11, 2025Software Security / Threat Intelligence
Imagine you're considering a new car for your family. Before making a purchase, you evaluate its safety ratings, fuel efficiency, and reliability. You might even take it for a test drive to ensure it meets your needs. The same approach should be applied to software and hardware products before integrating them into an organization's environment. Just as you wouldn't buy a car without knowing its safety features, you shouldn't deploy software without understanding the risks it introduces. The Rising Threat of Supply Chain Attacks Cybercriminals have recognized that instead of attacking an organization head-on, they can infiltrate through the software supply chain—like slipping counterfeit parts into an assembly line. According to the 2024 Sonatype State of the Software Supply Chain report , attackers are infiltrating open-source ecosystems at an alarming rate, with over 512,847 malicious packages detected last year alone—a 156% increase from the previous year. Traditional sec...
Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries

Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries

Jul 08, 2024 Malware / Cyber Threat
Financial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz). That's according to findings from Trend Micro, which said it recently observed a surge in cyber attacks distributing the Windows malware. Mekotio , known to be actively put to use since 2015, is known to target Latin American countries like Brazil, Chile, Mexico, Spain, Peru, and Portugal with an aim to steal banking credentials. First documented by ESET in August 2020, it's part of a tetrade of banking trojans targeting the region, such as Guildma, Javali, and Grandoreiro , the latter of which was dismantled by law enforcement earlier this year. "Mekotio shares common characteristics for this type of malware, such as being written in Delphi, using fake pop-up windows, containing backdoor functionality and targeting Spanish- and Portuguese-speaking countries," the Slovakian cybersecurity firm said at the time. The malware operation suffered a blow in ...
cyber security

Level Up Your Cyber Skills at SANS 2025

websiteSANS InstituteCyber Security / Training
Master in-demand techniques at our largest training event in 2025. Explore 50+ courses. Train in person to claim your $769 savings!
Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service

Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service

Jul 08, 2024 Vulnerability / Software Security
Four unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service that could enable an authenticated attacker to breach susceptible instances, steal or wipe source code, and even plant backdoors. The vulnerabilities, according to SonarSource researchers Thomas Chauchefoin and Paul Gerste, are listed below - CVE-2024-39930 (CVSS score: 9.9) - Argument injection in the built-in SSH server CVE-2024-39931 (CVSS score: 9.9) - Deletion of internal files CVE-2024-39932 (CVSS score: 9.9) - Argument injection during changes preview CVE-2024-39933 (CVSS score: 7.7) - Argument injection when tagging new releases Successful exploitation of the first three shortcomings could permit an attacker to execute arbitrary commands on the Gogs server, while the fourth flaw allows attackers to read arbitrary files such as source code, and configuration secrets. In other words, by abusing the issues, a threat actor could read sou...
Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks

Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks

Jul 05, 2024 Cybersecurity / Identity Protection
Identity theft isn't just about stolen credit cards anymore. Today, cybercriminals are using advanced tactics to infiltrate organizations and cause major damage with compromised credentials. The stakes are high: ransomware attacks, lateral movement, and devastating data breaches. Don't be caught off guard. Join us for a groundbreaking webinar that will change the way you approach cybersecurity. Gain insider knowledge on Identity Threat Detection and Response (ITDR) , the latest technology designed to protect your identity like never before. In this power-packed session, you'll discover: Hidden Vulnerabilities in Your Security: Learn why traditional solutions are falling short and how ITDR fills these critical gaps. Top Features of ITDR Solutions: Get an insider's perspective on what sets the best ITDR solutions apart. ITDR in Action: See real-world scenarios where ITDR has thwarted sophisticated identity-based attacks. Future Trends in Identity Security: Stay a...
Twilio's Authy App Attack Exposes Millions of Phone Numbers

Twilio's Authy App Attack Exposes Millions of Phone Numbers

Jul 04, 2024 Data Breach / Mobile Security
Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users' cell phone numbers. The company said it took steps to secure the endpoint to no longer accept unauthenticated requests. The development comes days after an online persona named ShinyHunters published on BreachForums a database comprising 33 million phone numbers allegedly pulled from Authy accounts. Authy, owned by Twilio since 2015, is a popular two-factor authentication (2FA) app that adds an additional layer of account security. "We have seen no evidence that the threat actors obtained access to Twilio's systems or other sensitive data," it said in a July 1, 2024, security alert. But out of an abundance of caution, it's recommending that users upgrade their Android (version 25.1.0 or later) and iOS (version 26.1.0 or later) apps to the latest version. It...
TeamViewer Detects Security Breach in Corporate IT Environment

TeamViewer Detects Security Breach in Corporate IT Environment

Jun 28, 2024 Data Breach / Enterprise Security
TeamViewer on Thursday disclosed it detected an "irregularity" in its internal corporate IT environment on June 26, 2024. "We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary remediation measures," the company said in a statement. It further noted that its corporate IT environment is completely cut off from the product environment and that there is no evidence to indicate that any customer data has been impacted as a result of the incident. It did not disclose any details as to who may have been behind the intrusion and how they were able to pull it off, but said an investigation is underway and that it would provide status updates as and when new information becomes available. TeamViewer, based in Germany, is the maker of remote monitoring and management (RMM) software that allows managed service providers (MSPs) and IT departments to mana...
4 FIN9-linked Vietnamese Hackers Indicted in $71M U.S. Cybercrime Spree

4 FIN9-linked Vietnamese Hackers Indicted in $71M U.S. Cybercrime Spree

Jun 25, 2024 Cyber Crime / Financial Fraud
Four Vietnamese nationals with ties to the FIN9 cybercrime group have been indicted in the U.S. for their involvement in a series of computer intrusions that caused over $71 million in losses to companies. The defendants, Ta Van Tai (aka Quynh Hoa and Bich Thuy), Nguyen Viet Quoc (aka Tien Nguyen), Nguyen Trang Xuyen, and Nguyen Van Truong (aka Chung Nguyen), have been accused of conducting phishing campaigns and supply chain compromises to orchestrate cyber attacks and steal millions of dollars. "From at least May 2018 through October 2021, the defendants hacked the computer networks of victim companies throughout the United States and used their access to steal or attempt to steal non-public information, employee benefits, and funds," the U.S. Department of Justice said in an unsealed indictment last week. According to court documents, the individuals – after successfully gaining initial access to target networks – stole gift card data, personally identifiable informat...
SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately

SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately

Jun 21, 2024 Vulnerability / Data Protection
A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory transversal bug that could allow attackers to read sensitive files on the host machine. Affecting all versions of the software prior to and including Serv-U 15.4.2 HF 1, it was addressed by the company in version Serv-U 15.4.2 HF 2 (15.4.2.157) released earlier this month. The list of products susceptible to CVE-2024-28995 is below - Serv-U FTP Server 15.4 Serv-U Gateway 15.4 Serv-U MFT Server 15.4, and Serv-U File Server 15.4 Security researcher Hussein Daher of Web Immunify has been credited with discovering and reporting the flaw. Following the public disclosure, additional technical details and a proof-of-concept (PoC) exploit have since been made available. Cybersecurity firm Rapid7 described the vulnerability as trivial to exploit ...
Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021

Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021

Jun 20, 2024 Cyber Espionage / Critical Infrastructure
Cyber espionage groups associated with China have been linked to a long-running campaign that has infiltrated several telecom operators located in a single Asian country at least since 2021. "The attackers placed backdoors on the networks of targeted companies and also attempted to steal credentials," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News. The cybersecurity firm did not reveal the country that was targeted, but said it found evidence to suggest that the malicious cyber activity may have started as far back as 2020. The attacks also targeted an unnamed services company that catered to the telecoms sector and a university in another Asian country, it added. The choice of tools used in this campaign overlaps with other missions conducted by Chinese espionage groups like Mustang Panda (aka Earth Preta and Fireant), RedFoxtrot (aka Neeedleminer and Nomad Panda), and Naikon (aka Firefly) in recent years. This incl...
New Case Study: Unmanaged GTM Tags Become a Security Nightmare

New Case Study: Unmanaged GTM Tags Become a Security Nightmare

Jun 19, 2024 GDPR Compliance / Data Privacy
Are your tags really safe with Google Tag Manager? If you've been thinking that using GTM means that your tracking tags and pixels are safely managed , then it might be time to think again. In this article we look at how a big-ticket seller that does business on every continent came unstuck when it forgot that you can't afford to allow tags to go unmanaged or become misconfigured.  Read the full case study here . Google Tag Manager saves website owners time and money. Its visual interface lets them attach tracking tags to their sites and then modify them as needed without the need to call a developer every time. Such tags gather the marketing and analytics data that power growth, and GTM makes them easier to manage, but with strict rules around data privacy to consider, you can't trust it completely; it needs active oversight. The ticket seller A case in point that we recently became aware of involves a global company that sells tickets to live events. With global operations i...
China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices

China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices

Jun 17, 2024 Cyber Espionage / Vulnerability
A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization located in East Asia for a period of about three years, with the adversary establishing persistence using legacy F5 BIG-IP appliances and using it as an internal command-and-control (C&C) for defense evasion purposes. Cybersecurity company Sygnia, which responded to the intrusion in late 2023, is tracking the activity under the name Velvet Ant , characterizing it as possessing robust capabilities to swiftly pivot and adapt their tactics to counter repeated eradication efforts. "Velvet Ant is a sophisticated and innovative threat actor," the Israeli company said in a technical report shared with The Hacker News. "They collected sensitive information over a long period of time, focusing on customer and financial information." The attack chains involve the use of a known backdoor called PlugX (aka Korplug), a modular remote access tr...
ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws

ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws

Jun 14, 2024 Device Security / Authentication
An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake QR code, a nefarious actor can easily bypass the verification process and gain unauthorized access," Kaspersky said . "Attackers can also steal and leak biometric data, remotely manipulate devices, and deploy backdoors." The 24 flaws span six SQL injections, seven stack-based buffer overflows, five command injections, four arbitrary file writes, and two arbitrary file reads. A brief description of each vulnerability type is below - CVE-2023-3938 (CVSS score: 4.6) - An SQL injection flaw when displaying a QR code into the device's camera by passing a specially crafted request containing a quotation mark, thereby allowing an attacker to authenticate as any user in th...
Lessons from the Snowflake Breaches

Lessons from the Snowflake Breaches

Jun 12, 2024 Data Breach / Identity Management
Last week, the notorious hacker gang, ShinyHunters, sent shockwaves across the globe by allegedly plundering 1.3 terabytes of data from 560 million users. This colossal breach, with a price tag of $500,000, could expose the personal information of a massive swath of a live event company's clientele, igniting a firestorm of concern and outrage.  Let's review the facts: two large organizations announced that they suffered a data breach, identifying unauthorized activity within a third-party cloud database environment. The accessed business records contained critical information on some employees, a large number of customers and other key business data.  The cloud connection  What might link these two breaches is the cloud data company Snowflake, which counts among its users both organizations. Snowflake did publish a warning with CISA , indicating a "recent increase in cyber threat activity targeting customer accounts on its cloud data platform." Snowflake issued a reco...
Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw

Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw

Jun 12, 2024 Ransomware / Endpoint Security
Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as a zero-day, according to new findings from Symantec. The security flaw in question is CVE-2024-26169 (CVSS score: 7.8), an elevation of privilege bug in the Windows Error Reporting Service that could be exploited to achieve SYSTEM privileges. It was patched by Microsoft in March 2024. "Analysis of an exploit tool deployed in recent attacks revealed evidence that it could have been compiled prior to patching, meaning at least one group may have been exploiting the vulnerability as a zero-day," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News. The financially motivated threat cluster is being tracked by the company under the name Cardinal. It's also monitored by the cybersecurity community under the names Storm-1811 and UNC4393 . It's known to mon...
China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally

China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally

Jun 12, 2024
State-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known critical security flaw between 2022 and 2023, indicating that the operation had a broader impact than previously known. "The state actor behind this campaign was already aware of this vulnerability in FortiGate systems at least two months before Fortinet disclosed the vulnerability," the Dutch National Cyber Security Centre (NCSC) said in a new bulletin. "During this so-called zero-day period, the actor alone infected 14,000 devices." The campaign targeted dozens of Western governments, international organizations, and a large number of companies within the defense industry. The names of the entities were not disclosed. The findings build on an earlier advisory from February 2024, which found that the attackers had breached a computer network used by the Dutch armed forces by exploiting CVE-2022-42475 (CVSS score: 9.8), which allows...
FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims

FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims

Jun 07, 2024 Ransomware / Endpoint Security
The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost. "We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov," FBI Cyber Division Assistant Director Bryan Vorndran said in a keynote address at the 2024 Boston Conference on Cyber Security (BCCS). LockBit, which was once a prolific ransomware gang, has been linked to over 2,400 attacks globally, with no less than 1,800 impacting entities in the U.S. Earlier this February, an international law enforcement operation dubbed Cronos led by the U.K. National Crime Agency (NCA) dismantled its online infrastructure. Last month, a 31-year-old Russian national named Dmitry Yuryevich Khoroshev was outed by authorities as the group's administrator and developer, a ...
Expert Insights / Articles Videos
Cybersecurity Resources