Less than a week before the Christmas holiday, French IT services company Inetum Group was hit by a ransomware attack that had a limited impact on the business and its customers.
Inetum is active in more than 26 countries, providing digital services to companies in various sectors: aerospace and defense, banking, automotive, energy and utilities, healthcare, insurance, retail, public sector, transportation, telecom and media.
A quarter-billion of those passwords were not seen in previous breaches that have been added to Have I Been Pwned.
According to the National Crime Agency’s National Cyber Crime Unit in the U.K., nearly 586 million sets of credentials had been collected in a compromised cloud storage facility, free for the taking by any cybercrime yahoo who happened to stop by.
The credentials were a mixed bag in terms of sources, and it’s not clear how these passwords became compromised. But because they couldn’t be linked to a specific company, the NCA tapped Troy Hunt, creator of the Have I Been Pwned (HIBP) website and a Microsoft regional director, to check the passwords against the HIBP database of compromised passwords.
Cybersecurity agencies from Australia, Canada, New Zealand, the U.S., and the U.K. on Wednesday released a joint advisory in response to widespread exploitation of multiple vulnerabilities in Apache’s Log4j software library by nefarious adversaries.
“These vulnerabilities, especially Log4Shell, are severe,” the intelligence agencies said in the new guidance. “Sophisticated cyber threat actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021–45046, and CVE-2021–45105 in vulnerable systems. These vulnerabilities are likely to be exploited over an extended period.”
The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of a scanner for identifying web services impacted by two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021–44228 and CVE-2021–45046.
“log4j-scanner is a project derived from other members of the open-source community by CISA’s Rapid Action Force team to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities,” the cybersecurity agency explains.
This scanning solution builds upon similar tools, including an automated scanning framework for the CVE-2021–44228 bug (dubbed& Log4Shell)& developed by cybersecurity company FullHunt.
Go beyond the hype.
Dubbed as the internet of tomorrow, Web 3.0 seems to be the next big thing that’s going to change our lives by fundamentally reshaping the internet.
Web 3.0 is an upgrade to the Web, a meta technology for business software, a social movement for open data, and a new generation for artificial intelligence.
Large corporations are usually getting hacked, resulting in the exposure of millions of user data, and a McKinsey report from last year shows that almost all industries have got a trust rate of less than 50 percent.
But the new generation of the web, Web 3.0, could solve some privacy concerns as it features the internet on blockchain technology. Storing any data on blockchain makes that data decentralized, making the company’s data usage transparent, thus protecting it from breaches. However, returning the ownership of their data back to consumers could potentially disrupt the tech industry since tech giants would eventually lose access to the data that initially gave them a boost in an already competitive market.
Full Story:
He has done his math. The questions seem to be: How to put together viable payloads to make use of Stsrship launches? How to build new markets in space?
This again?! Game Over? Busted? We’re doing Starship again so soon because I’m an unoriginal hack. There’s also been new developments in Starship and I think it’s a perfect time to revisit the launch system. Get as mad as you wish.
Will Starship live up to expectations? Will it really revolutionize space travel? Is Mars and beyond finally within grasp? Why are Musk’s fans so strangely devoted to him? Will I stop asking dumb questions?
Corrections, Clarifications, and Notes.
1. Jesus Christ I forgot about Dear Moon again. It’s clear that Starship probably won’t be human-rated by NASA by 2023. The FAA, if I remember correctly, doesn’t regulate commercial crew vehicles (like airplanes) yet. You could always do a Crew Dragon to Starship for that or something along those lines. I’d anticipate Dear Moon being pushed or somehow incorporated into an HLS demonstration.
Attackers accessed email accounts containing Social Security numbers, medical treatment information, and more.
People in movies are often quick to resort to sawing off someone’s hand to get past a fingerprint scanner. A report from the Kraken Security Labs Team shows that it would be much easier—and less gruesome—to recreate someone’s fingerprint using a little bit of off-the-shelf wood glue.
Kraken notes that biometric security has become increasingly common as smartphone, tablet, and laptop manufacturers have incorporated fingerprint scanners into their products. These scanners offer a convenient way to access those devices without entering a password.
The report says a fingerprint scanner can be “hacked” by using a picture of the target’s fingerprint, creating a negative in Photoshop, printing the resulting image, and then putting some wood glue on top of the imitated fingerprint so it can be used to trick many commercial scanners.
The increase in tensions between the United States and Russia due to Moscow amassing troops on the border with Ukraine is raising concerns Russia may not only put boots on the ground but also turn to hacking operations to put pressure on the U.S. and Ukraine.
Those concerns are underlined by massive hacking efforts by Russia against Ukraine over the past few years and the ransomware attacks linked to Russian hackers against critical U.S. organizations.
“This is a Russian calling card,” Mark Montgomery, senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, told The Hill Wednesday. “I do worry that they will use their cyber and disinformation tools to try to undermine the stability of the Ukrainian economic security and national security.”
