This Week in Security News – February 4, 2022
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about the Samba vulnerability discovered by Trend Micro. Also, read about the White House’s warning of Russian hacks as tensions with Ukraine grow. The Samba Vulnerability: What is…
Codex Exposed: Helping Hackers in Training?
In June 2020, OpenAI released version 3 of its Generative Pre-trained Transformer (GPT-3), a natural language transformer that took the tech world by storm with its uncanny ability to generate text seemingly written by humans. But GPT-3 was also trained on computer code, and recently OpenAI released a specialized version of its engine, named Codex,…
North Korean Hackers Abuse Windows Update Client in Attacks on Defense Industry
Active since at least 2009, Lazarus is the most active North Korean state-sponsored hacking group, with numerous factions operating under its umbrella. Believed to have orchestrated various high-profile cyberattacks, the group stole $400 million worth of crypto-assets last year. Two different macro-enabled decoy documents masquerading as job opportunities at American global security and aerospace giant…
Adobe Patches Reader Flaws That Earned Hackers $150,000 at Chinese Contest
Of the 26 security holes fixed in the Windows and macOS versions of Acrobat and Reader, 16 have been assigned a “critical” severity rating (high severity based on their CVSS score), and a majority are memory-related issues that can be exploited for arbitrary code execution. Four of these critical vulnerabilities — CVE-2021-44704 through CVE-2021-44707 —…
Hackers Steal $150 Million Worth of Cryptocurrency From BitMart
The platform claims that only the Ethereum (ETH) and Binance Smart Chain (BSC) hot wallets were impacted, and notes that the two wallets were compromised using stolen private keys. “In response to this incident, BitMart has completed initial security checks and identified affected assets. This security breach was mainly caused by a stolen private key…
Device Exploits Earn Hackers Over $1 Million at Pwn2Own Austin 2021
Pwn2Own Austin has focused on hacking devices and ZDI described it as the largest Pwn2Own to date. White hat hackers earned $362,500 on the first day of the event, $415,000 on the second day, $238,750 on the third day, and $65,000? on the fourth day. Sixty-one bugs were disclosed at the contest — exploits typically…
Hackers Release Israeli LGBTQ Dating Site Details
The Google search engine blocked access to the sites of the group Black Shadow,” the justice said ministry said, a move it said was taken at the request of the government’s Cyber Unit. Messaging application Telegram had also suppressed Black Shadow groups, it added. The announcement came hours after Black Shadow dumped a large file…
Hackers Threaten to Out Israeli LGBTQ Dating Site Users
“If we have 1 Millions $ in our wallet in the next 48 hours, we will not leak this information and also we will not sell it to anybody,” Black Shadow wrote on Telegram. The Atraf dating site was compromised after the group hacked CyberServe, an Israeli internet service provider whose clients include public transportation…
Facebook Sues Ukrainian for Scraping, Selling Data of 178 Million Users
The defendant is Alexander Alexandrovich Solonchenko, whom Facebook says used the online monikers “Solomame” and “barak_obama” on the RaidForums hacker forum, where he allegedly sold illegally obtained information. According to the social media giant, Solonchenko, who worked as a freelance computer programmer, abused its Contact Importer tool to scrape the user IDs and phone numbers…
Acer Confirms Breach of Servers in Taiwan
Acer initially confirmed that some of its servers in India had been hacked after a group called Desorden claimed to have stolen more than 60 gigabytes of data from Acer India. The hackers claimed to have obtained information on millions of customers, login credentials used by thousands of retailers and distributors, and various corporate and…
