Tom Burton reports: Critical infrastructure operators must now report significant cyber breaches to the federal government within 12 hours of an attack, following the expiry of a three-month grace period that enabled nearly 2500 of them to prepare for the new rules. Owners of electricity, gas, ports and water, and sewerage assets are also required…
Author: Dissent
Honda Admits Hackers Could Unlock Car Doors, Start Engines
Ionut Arghire reports: Honda has confirmed that researchers were indeed able to hack the remote keyless entry system of certain Honda vehicles to unlock the doors and start the engine. Over the weekend, security researchers Kevin2600 and Wesley Li from Star-V Lab published information on a security bug they identified in the rolling codes mechanism…
Robinhood settles data breach class action for $20M
Lauren Silva and Abraham Jewett report a settlement in Robinhood class-action litigation. Robinhood agreed to pay as much as $20 million to resolve claims the stock trading platform failed to prevent a 2020 data breach. The settlement will provide thousands of hacked Robinhood customers with both compensation and two years of credit monitoring and identity…
‘Callback’ Phishing Campaign Impersonates Security Firms
Elizabeth Montalbano reports: A new callback phishing campaign is impersonating prominent security companies to try to trick potential victims into making a phone call that will instruct them to download malware. Researchers at CrowdStrike Intelligence discovered the campaign because CrowdStrike is actually one of the companies, among other security firms, being impersonated, they said in…
BlackCat (Aka ALPHV) Ransomware Is Increasing Stakes Up To $2.5M In Demands
A new blog post by Resecurity indicates that BlackCat’s average ransom demand is now over $2 million. They write: Based on the recently compromised victims in Nordics region, which haven’t been disclosed by the group yet, the amount to be paid exceeds $2 million. […] According to experts from Resecurity, BlackCat ransomware actors began defining…
Experian, You Have Some Explaining to Do
Brian Krebs writes: Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to…