Blog

Axie Infinity NFT Game Used to Breach Ronin Network, Over $600 Million in Crypto Taken

Hackers breached Ronin Network via NFT game and got away with at least $625 million in crypto funds by exploiting some inactive accounts with administrator privileges that were reportedly compromised via social engineering.
Have the Lapsus$ Hackers Been Caught? Teens Rounded up in London Suspected of Samsung, Microsoft and Okta Breaches

One of the ringleaders of the Lapsus$ hackers, a 16 year old who goes by the online handles “breachbase” and “White,” appears to have led law enforcement to the group by getting into it with other hackers.
Computers in Russia, Belarus Have Files Overwritten by Open Source Project; Ukraine-Related Hacktivism Causes Major Controversy

The distribution of malware to random targets through a trusted piece of software crosses a new line, and one that that open source community is clearly not comfortable with as a form of hacktivism.
Authentication Services Provider Okta May Have Suffered Security Breach; Hackers Post Internal Screenshots, But Firm Says Everything is Fine

Providing authentication services to tens of thousands of companies and government agencies, Okta is a supply chain vendor that could cause a cascade of security breaches if compromised.
Leading Risks for CI/CD Security: Flow Control, Access & Identity Management, Dependency Chains and Pipeline Vulnerabilities

When attackers are able to insert themselves into the engineering environment via CI/CD security failings, this gives them a direct line to the production environment. This is often an area of security that receives an inadequate level of attention.
Russian Hackers Using PrintNightmare & MFA Configuration Vulnerabilities To Take Over Windows Systems

Russian hackers are attacking MFA configuration weaknesses, something that is often set by default, and following up with a PrintNightmare attack to take over Windows systems.
Cyber Incident Reporting Requirements for Critical Infrastructure May Be Tightened if New Cybersecurity Legislation Passes House Vote

Civilian federal agencies and companies in the critical infrastructure space may be looking at a three-day cyber incident reporting window should recent cybersecurity legislation make it through the House.
100M Samsung Phones Produced Between 2017 and 2021 Have a Fatal Encryption Flaw

Samsung phones produced between 2017 and 2021 have a severe encryption flaw that can open up the entire device to an attacker without much effort.
Wormhole Network Breach Illustrates the Inherent Vulnerabilities in DeFi Projects

Attacker exploited Wormhole network’s unique status as a “bridge” between the Solona blockchain and a variety of other DeFi projects. A signature verification vulnerability allowed them to make this connection.
Wave of Cyber Attacks on Government Websites Precedes Ukraine Invasion; Is More Action Coming?

The pattern of the cyber attacks fit Russia’s general intentions and past actions, but seemed restrained. The banks and government websites were ultimately only inconvenienced for a few hours.

Blog

Got a Question?