DW reports: Federal police say they have shut down the German servers for the darknet hub, which saw its sales skyrocket during the pandemic. Investigators said on Tuesday that they had shut down the German servers for Hydra, a Russian darknet marketplace that was used to sell drugs, forged documents, intercepted data, and other illegal digital services….
Food Delivery Leak Unmasks Russian Security Agents
Russian tech giant Yandex has blamed one of its employees for the hacking and subsequent leak of data from Yandex Food, a popular food delivery service in Russia. Aric Toler reports: Among the many users affected are serving agents of Russia’s security services and military, who in several cases even ordered food to their places of…
Emma Sleep Company admits checkout Magecart attack
Paul Kunert reports: Emma Sleep Company has confirmed to The Reg that it suffered a Magecart attack which enabled ne’er-do-wells to skim customers’ credit or debit card data from its website. Customers were informed of the breach by the mattress maker via email in the past week, with the business saying it was “subject to a cyber…
Fake Trezor data breach emails used to steal cryptocurrency wallets
Lawrence Abrams reports: A compromised Trezor hardware wallet mailing list was used to send fake data breach notifications to steal cryptocurrency wallets and the assets stored within them. Trezor is a hardware cryptocurrency wallet that allows you to store your crypto assets offline, rather than using cloud-based wallets or wallets stored on your PC that…
Honda’s Keyless Access Bug Could Let Thieves Remotely Unlock and Start Vehicles
Ravie Lakshmanan reports: A duo of researchers has released a proof-of-concept (PoC) demonstrating the ability for a malicious actor to remote lock, unlock, and even start Honda and Acura vehicles by means of what’s called a replay attack. The attack is made possible, thanks to a vulnerability in its remote keyless system (CVE-2022-27254) that affects…
GitLab issues critical update after hard-coding passwords into accounts
Thomas Claburn reports: GitLab on Thursday issued security updates for three versions of GitLab Community Edition (CE) and Enterprise Edition (EE) software that address, among other flaws, a critical hard-coded password bug. The cloud-hosted software version control service released versions 14.9.2, 14.8.5, and 14.7.7 of its self-hosted CE and EE software, fixing one “critical” security…