Hackers broke into the United Nation’s computer networks, making out with a cache of data that could be used to initiate later cyberattacks on other governmental organizations.
The hack, which was first reported by Bloomberg and later confirmed by the U.N., occurred sometime earlier this year. It is believed that a hacker entered the system by using a stolen username and password that Bloomberg reported were likely purchased off the dark web.
US-Canadian gets 11 years for laundering money for a North Korean hacking group.
A dual US-Canadian national has been sentenced to 140 months in prison for laundering tens of millions of dollars, including funds stolen from a bank by a North Korean hacking group. Ghaleb Alaumary from Mississauga, Ontario pleaded guilty to two counts of conspiracy to commit money laundering. According to the US Department of Justice, Alaumary used spoofed emails to trick a university in Canada in the first case. The emails, which looked like they were from a construction company working on a major building project for the university, asked for payment amounting to US$9.4 million.
After the university wired the money to accounts controlled by Alaumary and his co-conspirators, he worked with various people across the US and elsewhere to launder the funds through various financial institutions. He also had people impersonating wealthy bankers go to Texas to get personally identifiable information from victims and then use that to steal hundreds of thousands of dollars from their accounts.
1 GB of data belonging to Puma available on Market
The name of the sportswear manufacturer Puma appeared on the dark web marketplace of stolen data Marketo, threat actors claim to have stolen 1 GB of data from the company.
The emerging underground marketplace of stolen data ‘Marketo’ available in TOR network announced the publication of data presumably stolen from sportswear manufacturer Puma.
Sidewalk Malware Attacks to Grayfly Chinese Hacker Group
A previously undocumented backdoor that was recently found targeting an unnamed computer retail company based in the U.S. has been linked to a longstanding Chinese espionage operation dubbed Grayfly.
In late August, Slovakian cybersecurity firm ESET disclosed details of an implant called SideWalk, which is designed to load arbitrary plugins sent from an attacker-controlled server, gather information about running processes in the compromised systems, and transmit the results back to the remote server.
It Takes Only One Human Error To Cause Your Next Data Breach
Critical data hacking, network outages, computer viruses, and other cyber-related risks have a variety of effects on our lives, ranging from a minor nuisance to serious incidents. Misconduct and weaknesses, as well as unplanned accidents, can result in cyber attacks. However, they may also be orchestrated or deliberate, such as hacking or unauthorized access. The primary goals of such network hackers or criminals are to steal sensitive information, conduct illicit financial transactions, delete or alter data, and do other similar activities. Terrorists, crackers, and recreational hackers are all possible system hackers.
Windows MSHTML zero-day actively exploited, mitigations required
Several researchers have independently reported a 0-day remote code execution vulnerability in MSHTML to Microsoft. The reason it was reported by several researchers probably lies in the fact that a limited number of attacks using this vulnerability have been identified, as per Microsoft’s security update.
Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.
MSHTML is a software component used to render web pages on Windows. Although it’s most commonly associated with Internet Explorer, it is also used in other software including versions of Skype, Microsoft Outlook, Visual Studio, and others.
Personal Information of Nearly 80,000 MyRepublic Customers Accessed After Breach
The personal data of approximately 80,000 MyRepublic mobile subscribers was accessed without authorization last month.
The Singaporean communications services provider released a statement on Friday (September 10) claiming that the breach took place on August 29 via a third-party data storage platform used to store customer data.
The unauthorized access reportedly affected 79,388 mobile subscribers based in Singapore. The customer data contained personal information, including scanned copies of NRICs, proof of residential address documents and names and mobile numbers.
Read more Cyber Security News at https://QUE.com/tag/cybersecurity