Samsung Tickets Data Leak: Infostealers Strike Again in Massive Free Dump | InfoStealers

A data breach at Samsung Germany, involving 270,000 customer tickets, was caused by credentials stolen by infostealer malware in 2021. The leaked data, which includes personal information and transactional details, can be exploited by cybercriminals for physical attacks, targeted phishing, and fraudulent warranty claims. The breach highlights the importance of proactive credential monitoring and rotation to prevent similar incidents.

Oracle Cloud Data Breach: Six Million Records Stolen, 140,000 Clients Potentially Impacted - CPO Magazine

A recent data breach of Oracle Cloud resulted in the theft of six million records and potentially impacted 140,000 clients. The breach, attributed to a previously known vulnerability dating back to 2014, allowed attackers to compromise an Oracle Cloud subdomain and steal encrypted passwords. The attackers, seeking to ransom victims and sell stolen data, have offered a variety of purloined file types and credentials for sale on the dark web.

Oracle (ORCL) Warns Health Customers of Patient Data Breach - Bloomberg

Hackers breached Oracle’s systems, stealing patient data from older Cerner servers not yet migrated to Oracle’s cloud. The FBI is investigating the breach and extortion attempts against medical providers.

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a new malware called RESURGE, which exploits a now-patched security flaw in Ivanti Connect Secure appliances. RESURGE, an improvement over the SPAWNCHIMERA malware variant, contains rootkit, dropper, backdoor, bootkit, proxy, and tunneler capabilities. Organizations are advised to patch their Ivanti instances and implement additional security measures to mitigate the risk posed by this malware.

youtube.com/watch

A recent report by the University of Toronto’s Citizen Lab suggests that Ontario police may have secretly used the Israeli spyware tool Paragon Solutions. The tool, linked to an Israeli company, allegedly hacks into phones via WhatsApp, raising concerns about surveillance and human rights. The investigation found potential use by the Ontario Provincial Police and other services like Toronto and Hamilton Police. The use of such spyware could contravene Canadian laws, highlighting the need for stricter regulations and oversight to prevent abuses. This issue underscores broader questions about the ethics of spyware use in democratic societies.

‘Evilginx’ Tool (Still) Bypasses MFA

Evilginx, a malicious version of the NGINX Web server, can be used in adversary-in-the-middle attacks to steal credentials and authentication tokens, bypassing multifactor authentication. Sophos researchers tested Evilginx with Microsoft-themed malicious domains and phishing pages, mimicking a user account protected by MFA and successfully bypassing it. To prevent Evilginx attacks, organizations should move off token-based or push-MFA methods and embrace stronger, phishing-resistant FIDO2-based options like passkeys.

Ubuntu namespace vulnerability should be addressed quickly: Expert | Network World

Three vulnerabilities were discovered in Ubuntu’s unprivileged user namespace restriction feature, allowing local attackers to bypass the protection and exploit kernel vulnerabilities. While Ubuntu asserts these are not security vulnerabilities due to AppArmor protections, experts recommend patching, limiting unprivileged profile changes, and restricting AppArmor profiles.

BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability

Threat hunters infiltrated the BlackLock ransomware group’s online infrastructure, exploiting a vulnerability in their data leak site. This allowed them to extract configuration files, credentials, and command history, revealing BlackLock’s modus operandi and potential connections to other ransomware strains like DragonForce. The findings suggest a possible takeover of BlackLock by DragonForce due to ransomware market consolidation.

SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk

SquareX warns of the emergence of browser-native ransomware, which targets digital identity and cloud-based enterprise storage. Unlike traditional ransomware, it requires no file download and is undetectable by endpoint security solutions. This new threat leverages AI agents to automate attacks, potentially impacting entire enterprises through compromised SaaS applications and file-sharing services.

Experts warn of the new sophisticate Crocodilus mobile banking Trojan

A new Android trojan called Crocodilus, discovered by ThreatFabric, exploits accessibility features to steal banking and cryptocurrency credentials. Primarily targeting users in Spain and Turkey, the malware uses overlay attacks, keylogging, and remote access to bypass Android 13 restrictions. Crocodilus is linked to the threat actor “sybra” and is capable of stealing OTP codes, controlling devices, and accessing cameras.

UK Software Firm Fined £3 Million Over Ransomware-Caused Data Breach  - SecurityWeek

The UK Information Commissioner’s Office fined Advanced Computer Software Group £3 million for a 2022 data breach caused by a ransomware attack. The breach, which compromised the data of approximately 80,000 individuals, was attributed to inadequate security measures, including the lack of multi-factor authentication. The company, which serves the UK’s National Health Service, acknowledged the incident and emphasized its commitment to enhancing cybersecurity.

Hellenic Open University Hit By Cyberattack, 813 GB Of Personal Data Leaked On Dark Web

The Hellenic Open University (EAP) experienced a ransomware attack in October 2024, resulting in the leak of 813 gigabytes of sensitive data onto the dark web. The attack, which encrypted the university’s IT infrastructure and backup systems, has raised concerns about cybersecurity vulnerabilities in educational institutions.

Twitter (X) Hit by Data Leak of 2.8 Billion Users; Allegedly an Insider Job

A data leak of 2.87 billion Twitter (X) users surfaced on Breach Forums, allegedly stolen by a disgruntled employee during layoffs. The leak, which includes profile metadata but not email addresses, was merged with a previous 2023 breach, leading to confusion about the data’s contents. Despite the breach’s size and potential impact on user privacy, X has yet to respond to the allegations.

Secure encryption and online anonymity are now at risk in Switzerland – here’s what you need to know | TechRadar

Switzerland is considering amending its surveillance law to expand monitoring and data collection to include VPNs, messaging apps, and social networks. The amendment, which aims to increase security by accessing more data, would force these service providers to modify their encryption technology and privacy policies, potentially compromising user anonymity. The public consultation period is open until May 6, 2025.

Darkweb actors claim to have over 100K of Gemini, Binance user info

Darkweb threat actors claim to have hundreds of thousands of user records from Gemini and Binance, including names, passwords, and location data, for sale. Binance denies a data breach, attributing the leaked information to phishing attacks compromising user devices. This incident follows similar scams targeting crypto exchange users this month.

Russia arrests three for allegedly creating Mamont malware, tied to over 300 cybercrimes therecord.media/mamont-ba…

Russian authorities have arrested three individuals suspected of developing the Mamont malware, a recently identified banking trojan targeting Android devices.

The suspects, whose identities remain undisclosed, were apprehended in the Saratov region. A video released by the Russian Ministry of Internal Affairs (MVD) shows the arrested individuals in handcuffs, being escorted by police officers.

According to the MVD, the trio is linked to over 300 cybercrime incidents. Authorities also seized computers, storage devices, communication tools and bank cards.

Mamont malware is delivered through Telegram channels and is typically disguised as legitimate mobile apps or video files.

Dozens of solar inverter flaws could be exploited to attack power grids www.bleepingcomputer.com/news/secu…

Dozens of vulnerabilities in products from three leading makers of solar inverters, Sungrow, Growatt, and SMA, could be exploited to control devices or execute code remotely on the vendor’s cloud platform.

The potential impact of the security problems has been assessed as severe because they could be used in attacks that could at least influence grid stability, and affect user privacy.

In a grimmer scenario, the vulnerabilities could be exploited to disrupt or damage power grids by creating an imbalance between power generation and demand.

Security researchers at Vedere Labs, the cybersecurity research arm of network security company Forescout, found 46 vulnerabilities in solar inverters from Sungrow, Growatt, and SMA - three of the top six manufacturers in the world.

New Atlantis AIO platform automates credential stuffing on 140 services www.bleepingcomputer.com/news/secu…

A new cybercrime platform named ‘Atlantis AIO’ provides an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs.

Specifically, Atlantis AIO features pre-configured modules for these services to perform brute force attacks, bypass CAPTCHAs, automate account recovery processes, and monetize stolen credentials/accounts.

Credential stuffing is a type of cyberattack where threat actors try out a list of credentials (usernames + passwords) they stole or sourced from leaked data breaches against platforms hoping to gain access to accounts. If the credentials match and the account isn’t protected by multi-factor authentication, they can hijack it, lock the legitimate owner out, and then abuse or resell the account to others.

Ukraine’s state railway restores online ticket sales after major cyberattack therecord.media/ukraine-s…

Ukraine’s state railway operator, Ukrzaliznytsia, has resumed online ticket sales after a cyberattack brought down its systems earlier in the week.

The attack — described as “systematic, complex, and multi-layered” — disrupted Ukrzaliznytsia’s online services, including those used for ticket purchases, but did not affect train schedules. Following the incident on Monday, the company doubled the number of ticket windows and staff at several stations across Ukraine to accommodate passengers.

The railway’s mobile app and website were back online “after 89 hours of nonstop work,” the company said in a statement on Thursday.

Over 12,000 passengers were able to buy tickets online when the online services were restored. The railway’s app is functioning, though it is experiencing disruptions due to high demand, the company said. Passengers with paper tickets purchased during the cyberattack will be offered free tea onboard, and paid waiting rooms will be made available for them.

European officials increasingly certain Baltic Sea cable breaks are accidental, not sabotage therecord.media/european-…

A series of recent submarine cable breaks in the Baltic Sea has alarmed onlookers who fear the incidents are part of a Russian sabotage campaign.

But officials from several European countries on the North Sea and Baltic Sea told Recorded Future News there is increasing confidence among their governments that the incidents were accidental and not directed by the Kremlin.

That confidence, which aligns with a report published by The Washington Post earlier this year, is supported by investigations into specific cable incidents, as well as intelligence agency assessments and data on the number of ships transiting the Baltic Sea.

Oracle customers confirm data stolen in alleged cloud breach is valid

A threat actor claimed to have breached Oracle Cloud servers and stolen data for 6 million users. Despite Oracle’s denial, BleepingComputer confirmed the authenticity of the data with multiple companies. The threat actor also shared emails allegedly exchanged with Oracle, including one claiming to have hacked the servers.

UK’s first permanent facial recognition cameras installed • The Register

The Metropolitan Police will install permanent live facial recognition (LFR) cameras in Croydon this summer. The cameras, which will be operational only when officers are present, aim to combat crime and will be attached to buildings and lamp posts. Privacy groups oppose the scheme, citing concerns about the expansion of the surveillance state and the lack of legislative safeguards.

Top Trump officials have private data and passwords leaked in stunning security breach following war plan debacle | Daily Mail Online

Private data and passwords of top Trump officials, including Mike Waltz, Tulsi Gabbard, and Pete Hegseth, were leaked online. The leaked information, including phone numbers, email addresses, and passwords, was obtained from public sources and data breaches. This incident raises concerns about potential counterintelligence threats and security vulnerabilities.

Identity of hacker behind NSW court website data breach unknown, police say - ABC News

A data breach at the NSW Department of Communities and Justice (DCJ) resulted in the unauthorized access of approximately 9,000 sensitive court files. The breach, detected during routine maintenance, involved an account holder within the justice link system gaining unlawful entry. While the exact nature of the accessed data is still being investigated, authorities are urging anyone concerned about their safety, particularly domestic violence survivors, to contact police.

StreamElements discloses third-party data breach after hacker leaks data

StreamElements, a cloud-based streaming tools platform, confirmed a data breach at a third-party service provider. The breach, which did not impact StreamElements servers, exposed user data from 2020 to 2024. The company is investigating and has alerted users to potential phishing attempts.