Étiquette : hacking (Page 1 of 15)

23andMe confirms hackers stole ancestry data on 6.9 million users

a sign outside 23andMe's office in California, featuring the company's office in the background

“On Friday, genetic testing company 23andMe announced that hackers accessed the personal data of 0.1% of customers, or about 14,000 individuals. The company also said that by accessing those accounts, hackers were also able to access “a significant number of files containing profile information about other users’ ancestry.” But 23andMe would not say how many “other users” were impacted by the breach that the company initially disclosed in early October. As it turns out, there were a lot of “other users” who were victims of this data breach: 6.9 million affected individuals in tota”

Source : 23andMe confirms hackers stole ancestry data on 6.9 million users | TechCrunch

Des pirates déposent une plainte contre l’une de leurs victimes

https://i0.wp.com/www.beaude.net/no-flux/wp-content/uploads/2023/11/capture-decran-2023-11-16-a-094630-edited.jpg?resize=676%2C423&ssl=1

“« Nous avons signalé un manquement de la part de MeridianLink, qui a été impliquée dans une violation importante ayant un impact sur les données des clients et les informations opérationnelles, pour n’avoir pas déposé les informations requises auprès de la Securities and Exchange Commission (SEC) », déclarent les hackers, avant d’ajouter « nous vous donnons 24 heures avant de publier les données dans leur intégralité. » Cette nouvelle méthode de chantage est sans précédent dans le milieu du cybercrime. ”

Source : Des pirates déposent une plainte contre l’une de leurs victimes – Numerama

With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe?

https://i0.wp.com/www.beaude.net/no-flux/wp-content/uploads/2023/09/zeroday-800x534-1.jpg?w=676&ssl=1

“End users, admins, and researchers better brace yourselves: The number of apps being patched for zero-day vulnerabilities has skyrocketed this month and is likely to get worse in the following weeks. People have worked overtime in recent weeks to patch a raft of vulnerabilities actively exploited in the wild, with offerings from Apple, Microsoft, Google, Mozilla, Adobe, and Cisco all being affected since the beginning of the month. The number of zero-days tracked this month is considerably higher than the monthly average this year. September so far is at 10, compared with a total of 60 from January through August, according to security firm Mandiant. The company tracked 55 zero-days in 2022 and 81 in 2021. A sampling of the affected companies and products includes iOS and macOS, Windows, Chrome, Firefox, Acrobat and Reader, the Atlas VPN, and Cisco’s Adaptive Security Appliance Software and its Firepower Threat Defense. The number of apps is likely to grow because a single vulnerability that allows hackers to execute malicious code when users open a booby-trapped image included in a message or web page is present in possibly hundreds of apps.”

Source : With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe? | Ars Technica

Who Paid for a Mysterious Spy Tool? The FBI, an FBI Inquiry Found

https://i0.wp.com/www.beaude.net/no-flux/wp-content/uploads/2023/08/00dc-nso-01-fvzc-superJumbo.jpg?resize=676%2C451&ssl=1

“When The New York Times reported in April that a contractor had purchased and deployed a spying tool made by NSO, the contentious Israeli hacking firm, for use by the U.S. government, White House officials said they were unaware of the contract and put the F.B.I. in charge of figuring out who might have been using the technology. After an investigation, the F.B.I. uncovered at least part of the answer: It was the F.B.I.”

Source : Who Paid for a Mysterious Spy Tool? The FBI, an FBI Inquiry Found. – The New York Times

Des données ultrasensibles sur la sécurité de la Suisse sont en ligne sur le darknet

“La liste est donc sans fin, Xplain ayant des contrats avec d’innombrables services de sécurité en Suisse. Des questions fondamentales se posent: comment se fait-il que la société informatique ait gardé sur son infrastructure informatique autant de données opérationnelles de ses clients? Et pourquoi la Confédération n’a pas surveillé de près ce prestataire externe si important?”

Source : Des données ultrasensibles sur la sécurité de la Suisse sont en ligne sur le darknet – Le Temps

Story Killers: Des clients de hackers démasqués par des données bancaires suisses

Un des deux paiements d’Arcanum à la société de «Jorge».

“Aujourd’hui, la question se pose de savoir si la Suisse aurait pu arrêter Jorge il y a huit ans déjà. Les fonctionnaires auraient-ils pu empêcher l’homme de continuer à manipuler des processus démocratiques? À l’époque, les autorités helvétiques disposaient des données bancaires de Jorge. La cellule enquête de Tamedia a analysé en détail ces documents bancaires issus des dossiers de procédure de 2015. Résultat: la clientèle de Jorge a transféré des sommes considérables sur le compte de sa société auprès de la banque tessinoise BSI. Rien qu’en 2014, l’équivalent de près de 850’000 francs ont été versés sur ce compte. De nombreux virements auraient pu éveiller les soupçons, comme le montrent les exemples qui suivent.”

Source : Enquête internationale – Story Killers: Des clients de hackers démasqués par des données bancaires suisses | 24 heures

Washington annonce avoir neutralisé le logiciel espion russe baptisé « Snake »

https://i0.wp.com/www.beaude.net/no-flux/wp-content/uploads/2023/05/9bac910_WAS112_USA-TRUMP-RUSSIA_0201_11.jpg?w=676&ssl=1

“Ce logiciel, baptisé « Snake », a permis aux services de sécurité russes (FSB) de « voler des centaines de documents sensibles dans au moins cinquante pays », en attaquant notamment les services informatiques de gouvernements, de médias ou de centres de recherche, selon un communiqué du ministère américain de la justice. « Grâce à une opération de haute technologie, qui a retourné ce logiciel malveillant russe contre lui-même, les forces de l’ordre américaines ont neutralisé l’un des outils de cyberespionnage russe les plus sophistiqués », s’est félicitée la ministre adjointe de la justice, Lisa Monaco. D’après les autorités américaines, le logiciel était guidé depuis une unité du FSB baptisée « Turla », située à Riazan, en Russie. Il pouvait identifier et voler des documents et rester non détecté de manière indéfinie. Sa spécificité : les agents de « Turla » exfiltraient ces données en utilisant le réseau mondial des ordinateurs infectés.”

Source : Washington annonce avoir neutralisé le logiciel espion russe baptisé « Snake »

The Hacking of ChatGPT Is Just Getting Started

https://i0.wp.com/www.beaude.net/no-flux/wp-content/uploads/2023/05/security_jailbreaking_chatgpt_ai.jpg?resize=676%2C380&ssl=1

“It took Alex Polyakov just a couple of hours to break GPT-4. When OpenAI released the latest version of its text-generating chatbot in March, Polyakov sat down in front of his keyboard and started entering prompts designed to bypass OpenAI’s safety systems. Soon, the CEO of security firm Adversa AI had GPT-4 spouting homophobic statements, creating phishing emails, and supporting violence. Polyakov is one of a small number of security researchers, technologists, and computer scientists developing jailbreaks and prompt injection attacks against ChatGPT and other generative AI systems.
The process of jailbreaking aims to design prompts that make the chatbots bypass rules around producing hateful content or writing about illegal acts, while closely-related prompt injection attacks can quietly insert malicious data or instructions into AI models. Both approaches try to get a system to do something it isn’t designed to do.
The attacks are essentially a form of hacking—albeit unconventionally—using carefully crafted and refined sentences, rather than code, to exploit system weaknesses. While the attack types are largely being used to get around content filters, security researchers warn that the rush to roll out generative AI systems opens up the possibility of data being stolen and cybercriminals causing havoc across the web.”

Source : The Hacking of ChatGPT Is Just Getting Started | WIRED UK

‘Vulkan files’ leak reveals Putin’s global and domestic cyberwarfare tactics

‘Vulkan files’ leak reveals Putin’s global and domestic cyberwarfare tactics

“One document links a Vulkan cyber-attack tool with the notorious hacking group Sandworm, which the US government said twice caused blackouts in Ukraine, disrupted the Olympics in South Korea and launched NotPetya, the most economically destructive malware in history. Codenamed Scan-V, it scours the internet for vulnerabilities, which are then stored for use in future cyber-attacks. Another system, known as Amezit, amounts to a blueprint for surveilling and controlling the internet in regions under Russia’s command, and also enables disinformation via fake social media profiles. A third Vulkan-built system – Crystal-2V – is a training program for cyber-operatives in the methods required to bring down rail, air and sea infrastructure. ”

Source : ‘Vulkan files’ leak reveals Putin’s global and domestic cyberwarfare tactics | Cyberwar | The Guardian

Google says hackers could silently own your phone until Samsung fixes its modems

https://i0.wp.com/www.beaude.net/no-flux/wp-content/uploads/2023/03/akrales_220309_4977_0336.jpg?w=676&ssl=1

“Project Zero, Google’s team dedicated to security research, has found some big problems in the Samsung modems that power devices like the Pixel 6, Pixel 7, and some models of the Galaxy S22 and A53. According to its blog post, a variety of Exynos modems have a series of vulnerabilities that could “allow an attacker to remotely compromise a phone at the baseband level with no user interaction” without needing much more than a victim’s phone number. And, frustratingly, it seems like Samsung is dragging its feet on fixing it.”

Source : Google says hackers could silently own your phone until Samsung fixes its modems – The Verge

« Older posts

© 2024 no-Flux

Theme by Anders NorenUp ↑