Hacker News with Generative AI: Cybersecurity

Oracle privately confirms Cloud breach to customers (bleepingcomputer.com)
Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017, Bloomberg reported.

Cybersecurity, Data Breaches, Oracle, Cloud Computing

6 points by frenchtoast8 3 hours ago | 1 comments

Spike in Palo Alto Networks scanner activity suggests imminent cyber threats (securityaffairs.com)
<p>China-linked group UNC5221 exploited Ivanti Connect Secure zero-day since mid-March</p>

Cybersecurity, Security Threats, China

6 points by demadog 4 hours ago | 0 comments

Cybersecurity Professor Faced China Funding Inquiry Before Disappearing (wired.com)
Before the official faculty profiles of renowned Indiana University, Bloomington (IU) data privacy professor Xiaofeng Wang and his wife disappeared and the FBI raided two of the couple’s homes last week, the school is said to have been reviewing for months whether the professor received unreported research funding from China, WIRED has learned.

Cybersecurity, Academia, China, Government Investigation

6 points by sva_ 1 day ago | 2 comments

Crimelords at Hunters International tell lackeys ransomware too 'risky' (theregister.com)
Big-game ransomware crew Hunters International says its criminal undertaking has become "unpromising, low-converting, and extremely risky," and it is mulling shifting tactics amid an apparent rebrand.

Cybersecurity, Ransomware, Organized Crime

5 points by rntn 1 day ago | 1 comments

Hacking the call records of millions of Americans (evanconnelly.github.io)
Imagine if anyone could punch in a phone number from the largest U.S. cell carrier and instantly retrieve a list of its recent incoming calls—complete with timestamps—without compromising the device, guessing a password, or alerting the user.

Privacy, Cybersecurity, Data Breaches, Telecommunications

143 points by voxadam 1 day ago | 30 comments

Oracle's masterclass in breach comms: Deny, deflect, repeat (theregister.com)
Oracle is being accused of poor incident comms as it reels from two reported data security mishaps over the past fortnight, amid a reluctance to publicly acknowledge all of the events as well as allegedly deleting evidence from the web.

Cybersecurity, Public Relations, Oracle

5 points by rntn 1 day ago | 0 comments

Alleged Deel Spy Confesses to Coordinating with Deel CEO Alex Bouaziz (newcomer.co)
BREAKING: Alleged Deel Spy Confesses to Coordinating with Deel CEO Alex Bouaziz

Business, Legal, Cybersecurity

10 points by wdaher 1 day ago | 1 comments

Someone is trying to recruit security researchers in a bizarre hacking campaign (techcrunch.com)
Someone is making precisely that tantalizing, bizarre, and clearly sketchy job offer. The person is using what looks like a series of fake accounts with avatars displaying photos of attractive women and sliding into the direct messages of several cybersecurity professionals and researchers on X in the last couple of weeks.

Cybersecurity, Social Engineering, Recruitment, Twitter

6 points by jbegley 2 days ago | 0 comments

Over 200M Records Allegedly Belonging to X Leaked Online (safetydetectives.com)

Data Breaches, Cybersecurity, Privacy, X (company)

16 points by RankingMember 3 days ago | 1 comments

Furry hackers who leaked Heritage Foundation data feared raided by feds (dailydot.com)
Individuals with connections to SiegedSec, the now-defunct group of “gay furry hackers” who leaked data relating to the think tank behind Project 2025, believe their former leader may have been arrested in a raid by law enforcement.

Cybersecurity, Hacking, Politics, Law Enforcement

38 points by anigbrowl 3 days ago | 1 comments

UK's GCHQ Intern Transferred Top Secret Files to His Phone (bbc.com)
A former GCHQ intern has admitted risking national security by taking top secret data home with him on his mobile phone.

Cybersecurity, National Security, Espionage, Government, Data Security

20 points by m463 3 days ago | 6 comments

Oracle Cloud security SNAFU latest: IT giant's pedantry as evidence vanishes (theregister.com)
Two Oracle data security breaches have been reported in the past week, and the database goliath not only remains reluctant to acknowledge the disasters publicly – it may be scrubbing the web of evidence, too.

Cybersecurity, Cloud Computing, Oracle, Data Breaches

6 points by rntn 3 days ago | 0 comments

The North Korea worker problem is bigger than you think (cyberscoop.com)
North Korean nationals have infiltrated businesses across the globe with a more expansive level of organization and deep-rooted access than previously thought, insider risk management firm DTEX told CyberScoop.

Cybersecurity, North Korea, Business, Espionage

21 points by bentocorp 3 days ago | 3 comments

Doge accesses federal payroll system and punishes employees who objected (arstechnica.com)
Elon Musk's Department of Government Efficiency (DOGE) has gained access "to a payroll system that processes salaries for about 276,000 federal employees across dozens of agencies," despite "objections from senior IT staff who feared it could compromise highly sensitive government personnel information" and lead to cyberattacks, The New York Times reported today.

Cybersecurity, Government, Artificial Intelligence

50 points by unsnap_biceps 3 days ago | 11 comments

Oracle attempt to hide cybersecurity incident from customers? (doublepulsar.com)
Being a provider of cloud SaaS (Software-as-a-service) solutions requires certain cybersecurity responsibilities — including being transparent and open. The moment where this is tested at Oracle has arrived, as they have a serious cybersecurity incident playing out in a service they manage for customers.

Cybersecurity, Cloud Computing, Oracle, SaaS

632 points by 2bluesc 3 days ago | 127 comments

Intel and Microsoft staff lured to work for fake Chinese company in Taiwan (theregister.com)
Chinese tech companies created entities in Taiwan and disguised them so they had no connections to China, so they could lure top tech talent to work on significant projects.

Cybersecurity, China, Taiwan, Recruiting, Technology

5 points by rntn 4 days ago | 1 comments

"The US government has the ability to access many politicians' emails in Europe" (republik.ch)
Anmelden<h1>«Die US-Regierung hat die Möglichkeit, auf viele Politikermails in Europa zuzugreifen»</h1><p>Warum europäische Regierungen aus den amerikanischen Clouds dringend raussollten und wie sie das am schnellsten anstellen, erklärt der niederländische Informatiker und Geheimdienstexperte Bert Hubert.</p>

Politics, Cybersecurity, Europe, Government

18 points by doener 4 days ago | 9 comments

FBI Alert Issued as Time Traveling Hackers Attack –Act Now (forbes.com)
Enable 2FA as time-traveling hackers strike.

Cybersecurity, Time Travel, Hacking

8 points by mfareed 4 days ago | 2 comments

FBI raids home of prominent computer scientist who has gone incommunicado (arstechnica.com)
A prominent computer scientist who has spent 20 years publishing academic papers on cryptography, privacy, and cybersecurity has gone incommunicado, had his professor profile, email account, and phone number removed by his employer Indiana University, and had his homes raided by the FBI. No one knows why.

Cryptography, Cybersecurity, Privacy, Law Enforcement, Academia

990 points by JaimeThompson 4 days ago | 468 comments

Exploiting exposed Portainer agent and using new SSH persistence (exatrack.com)
During an incident response for one of our clients, we stumbled upon a server compromised by the now relatively documented 1234 perfctl malware.

Cybersecurity, Exploitation, Server Security, Malware

3 points by benjiro 6 days ago | 1 comments

Oracle Health (formerly Cerner) breach compromises patient data at US hospitals (bleepingcomputer.com)
A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers.

Cybersecurity, Healthcare, Data Breaches, Oracle, Cerner

23 points by dinosor 6 days ago | 0 comments

You Have 7 Days to Act Following Gmail Lockout Hack Attacks, Google Says (forbes.com)
As the FBI takes the unusual step of warning users of webmail platforms, including Gmail, to enable two-factor authentication in the light of a dangerous new ransomware threat campaign, Google email users still have more mundane hacking threats on their minds.

Cybersecurity, Gmail, Two-Factor Authentication, Ransomware

10 points by miles 6 days ago | 4 comments

Judge Confirms LaLiga's Right to Block Cloudflare in Pursuit of IPTV Pirates (torrentfreak.com)
Last December, a Spanish judge authorized LaLiga to block Cloudflare's shared IP addresses to combat piracy. Thousands of innocent internet users were affected, prompting Cloudflare and cybersecurity group RootedCon to ask the court to overturn the order. A judge has now denied both requests, stating that no evidence was presented to show that blocking caused any damage.

IPTV Piracy, Legal Battles, Cybersecurity, Spain

5 points by hn_acker 6 days ago | 0 comments

Obfuscation 101: Unmasking the Tricks Behind Malicious Code (socket.dev)
“The malicious package was right in front of our eyes, but we didn't see it until it was too late.”

Cybersecurity, Malicious Code, Software Development

6 points by feross 7 days ago | 0 comments

Private Data and Passwords of Senior U.S. Security Officials Found Online (spiegel.de)
Private contact details of the most important security advisers to U.S. President Donald Trump can be found on the internet. DER SPIEGEL reporters were able to find mobile phone numbers, email addresses and even some passwords belonging to the top officials.

Cybersecurity, Privacy, Data Breaches, Government, United States

39 points by JumpCrisscross 7 days ago | 4 comments

When Getting Phished Puts You in Mortal Danger (krebsonsecurity.com)
Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life.

Cybersecurity, Phishing, Russia, War

22 points by todsacerdoti 7 days ago | 0 comments

Private Data and Passwords of Senior U.S. Security Officials Found Online (spiegel.de)
Private contact details of the most important security advisers to U.S. President Donald Trump can be found on the internet. DER SPIEGEL reporters were able to find mobile phone numbers, email addresses and even some passwords belonging to the top officials.

Cybersecurity, Politics, Data Breaches, Security Officials

10 points by payamb 8 days ago | 0 comments

India wants backdoors into clouds, email, SaaS, for tax inspectors (theregister.com)
India’s government has proposed giving its tax authorities sweeping powers to access private email systems and applications.

India, Government, Privacy, Cybersecurity, Taxation

9 points by temphnaccount 8 days ago | 0 comments

Ask HN: What's the worst thing that could happen if I click on an unknown link (ycombinator.com)
There's no theoretical limit. That's what the concept of a "zero day" is all about. It's entirely possible that some undiscovered vulnerability allows an attacker to remotely hijack your entire PC, steal all passwords, and completely ruin your life just by opening a webpage. Is it likely? No. But in terms of the "worst thing possible" there's really no upper bound.

Cybersecurity, Security Risks, Internet Safety, Worst-Case Scenarios, Zero-Day Exploits

13 points by canergl 8 days ago | 8 comments

Oracle customers confirm data stolen in alleged cloud breach is valid (bleepingcomputer.com)
Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid.

Cybersecurity, Data Breaches, Oracle, Cloud Computing

347 points by el_duderino 8 days ago | 82 comments