Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hacker attack. Show all posts
OCC
Banks bloomberg Cyber Attacks Data Sharing digital data email security financial attack Financial Data Hacker attack OCC

Top U.S. Banks Cut Off Digital Data Sharing With OCC After Major Cyberattack

 

Several of the largest banks in the United States have curtailed or reassessed how they share sensitive data with the Office of the Comptroller of the Currency (OCC), after a significant cyberattack compromised the regulator’s email system. 

According to Bloomberg, JPMorgan Chase and Bank of New York Mellon have paused all electronic communications with the OCC. Bank of America is continuing to share data, but through what it considers more secure digital channels. The decision follows the discovery that hackers had accessed over 100 email accounts at the OCC for more than a year—a breach labeled a “major incident” by both the OCC and the U.S. Treasury Department. 

The hackers reportedly obtained highly sensitive information related to financial institutions, although their identities remain unknown. The OCC, a bureau under the Treasury, oversees over 1,000 national banks and savings associations, including the U.S. branches of foreign institutions. Among the materials potentially exposed are reports on cybersecurity protocols, internal vulnerability assessments, and National Security Letters—documents that may contain classified intelligence regarding terrorism or espionage. 

Banks have raised concerns about the extent of the breach and the OCC’s communication about the incident. Some financial institutions reportedly did not learn of the scope of the compromise until media coverage surfaced. As a result, there is growing distrust among regulated institutions regarding how the OCC has handled disclosure and mitigation. The OCC said it is actively working with independent cybersecurity experts, including Mandiant and Microsoft, to investigate the breach and determine whether stolen data has surfaced on the dark web. 

A contractor is also reviewing two internal communication systems—BankNet and another used for transferring large files—to assess whether they were affected. While JPMorgan and BNY Mellon have suspended digital transmissions, Citigroup has continued data sharing due to its existing consent order with the OCC. It remains unclear whether other major banks like Wells Fargo or Goldman Sachs have taken similar steps. Experts warn that the breach could enable targeted cyberattacks or extortion attempts, as the stolen material may offer insight into institutional vulnerabilities. 

According to former Treasury CIO Eric Olson, the exposed data is “as sensitive as it gets.” The incident has drawn attention from Congress, with both the House Financial Services Committee and the Senate Banking Committee seeking more information. Experts view the banks’ decision to reduce data sharing as a sign of eroding trust in the OCC’s ability to safeguard critical regulatory communications.
Read more »
Silicon Valley
AI generated Deepfake AI Security AI technology AI Tool Breach attack Cyber Security Hacker attack Silicon Valley

Silicon Valley Crosswalk Buttons Hacked With AI Voices Mimicking Tech Billionaires

 

A strange tech prank unfolded across Silicon Valley this past weekend after crosswalk buttons in several cities began playing AI-generated voice messages impersonating Elon Musk and Mark Zuckerberg.  

Pedestrians reported hearing bizarre and oddly personal phrases coming from audio-enabled crosswalk systems in Menlo Park, Palo Alto, and Redwood City. The altered voices were crafted to sound like the two tech moguls, with messages that ranged from humorous to unsettling. One button, using a voice resembling Zuckerberg, declared: “We’re putting AI into every corner of your life, and you can’t stop it.” Another, mimicking Musk, joked about loneliness and buying a Cybertruck to fill the void.  

The origins of the incident remain unknown, but online speculation points to possible hacktivism—potentially aimed at critiquing Silicon Valley’s AI dominance or simply poking fun at tech culture. Videos of the voice spoof spread quickly on TikTok and X, with users commenting on the surreal experience and sarcastically suggesting the crosswalks had been “venture funded.” This situation prompts serious concern. 

Local officials confirmed they’re investigating the breach and working to restore normal functionality. According to early reports, the tampering may have taken place on Friday. These crosswalk buttons aren’t new—they’re part of accessibility technology designed to help visually impaired pedestrians cross streets safely by playing audio cues. But this incident highlights how vulnerable public infrastructure can be to digital interference. Security researchers have warned in the past that these systems, often managed with default settings and unsecured firmware, can be compromised if not properly protected. 

One expert, physical penetration specialist Deviant Ollam, has previously demonstrated how such buttons can be manipulated using unchanged passwords or open ports. Polara, a leading manufacturer of these audio-enabled buttons, did not respond to requests for comment. The silence leaves open questions about how widespread the vulnerability might be and what cybersecurity measures, if any, are in place. This AI voice hack not only exposed weaknesses in public technology but also raised broader questions about the blending of artificial intelligence, infrastructure, and data privacy. 

What began as a strange and comedic moment at the crosswalk is now fueling a much larger conversation about the cybersecurity risks of increasingly connected cities. With AI becoming more embedded in daily life, events like this might be just the beginning of new kinds of public tech disruptions.
Read more »
phishing
CAPTCHA CAPTCHA Security Cyber Attacks cybercriminals Fake Captcha Hacker attack Hackers Malware attacks phishing

Fake CAPTCHAs Are the New Trap: Here’s How Hackers Are Using Them to Install Malware

 

For years, CAPTCHAs have been a familiar online hurdle—click a box, identify a few blurry images, and prove you’re human. They’ve long served as digital gatekeepers to help websites filter out bots and protect against abuse. But now, cybercriminals are turning this trusted security mechanism into a tool for deception. Security researchers are sounding the alarm over a growing threat: fake CAPTCHAs designed to trick users into unknowingly installing malware. 

These phony tests imitate the real thing, often appearing as pop-up windows or embedded verification boxes on compromised websites. At first glance, they seem harmless—just another quick click on your way to a webpage. But a single interaction can trigger a hidden chain reaction that compromises your device. The tactic is subtle but effective. By replicating legitimate CAPTCHA interfaces, attackers play on instinct. Most users are conditioned to complete CAPTCHAs without much thought. That reflexive click becomes the entry point for malicious code. 

One reported incident involved a prompt asking users to paste a code into the Windows Run dialog—an action that launched malware installation scripts. Another campaign tied to the Quakbot malware family used similar deception, embedding CAPTCHAs that initiated background downloads and executed harmful commands with a single click. These attacks, often referred to as ClickFix CAPTCHA scams, are a form of social engineering—a psychological manipulation tactic hackers use to exploit human behavior. 

In this case, attackers are banking on your trust in familiar security prompts to lower your guard. The threat doesn’t stop at just fake clicks. Some CAPTCHAs redirect users to infected web pages, while others silently copy dangerous commands to the clipboard. In the worst cases, users are tricked into pressing keyboard shortcuts that launch Windows PowerShell, allowing attackers to run scripts that steal data, disable security software, or hijack system functions. 

Experts warn that this method is particularly dangerous because it blends in so well with normal browsing activity. Unlike more obvious phishing scams, fake CAPTCHA attacks don’t rely on emails or suspicious links—they happen right where users feel safe: in their browsers. To defend against these attacks, users must remain skeptical of CAPTCHAs that ask for more than a simple click. 

If a CAPTCHA ever requests you to enter text into system tools, press unusual key combinations, or follow unfamiliar instructions, stop immediately. Those are red flags. Moreover, ensure you have reliable antivirus protection installed and keep your browser and operating system updated. Visiting lesser-known websites? Use an ad blocker or security-focused browser extension to reduce exposure to malicious scripts. 

As CAPTCHA-based scams grow more sophisticated, digital vigilance is your best defense. The next time you’re asked to “prove you’re not a robot,” it might not be your humanity being tested—but your cybersecurity awareness.
Read more »
HDMI
AI Models AI Security Cyber Security data security Device Hack Device Security Hacker attack Hackers HDMI

Hackers Can Spy on Screens Using HDMI Radiation and AI Models

 

You may feel safe behind your screen, but it turns out that privacy might be more of an illusion than a fact. New research reveals that hackers have found an alarming way to peek at what’s happening on your display—without ever touching your computer. By tapping into the faint electromagnetic radiation that HDMI cables emit, they can now “listen in” on your screen and reconstruct what’s being shown with startling accuracy. 

Here’s how it works: when digital signals travel through HDMI cables from your computer to a monitor, they unintentionally give off tiny bursts of radiation. These signals, invisible to the naked eye, can be picked up using radio antennas or small, discreet devices planted nearby. Once captured, advanced AI tools get to work, decoding the radiation into readable screen content. 

The results? Up to 70% accuracy in reconstructing text—meaning everything from passwords and emails to private messages could be exposed. This new technique represents a serious leap in digital espionage. It doesn’t rely on malware or breaking into a network. Instead, it simply listens to the electronic “whispers” your hardware makes. It’s silent, stealthy, and completely undetectable to the average user. 

Worryingly, this method is already reportedly in use against high-profile targets like government agencies and critical infrastructure sites. These organizations often store and manage sensitive data that, if leaked, could cause major damage. While some have implemented shielding to block these emissions, not all are fully protected. And because this form of surveillance leaves virtually no trace, many attacks could be flying under the radar entirely. 

Hackers can go about this in two main ways: one, by sneaking a signal-collecting device into a location; or two, by using specialized antennas from nearby—like the building next door. Either way, they can eavesdrop on what’s displayed without ever getting physically close to the device. This new threat underscores the need for stronger physical and digital protections. 

As cyberattacks become more innovative, simply securing your data with passwords and firewalls isn’t enough. Shielding cables and securing workspaces might soon be as important as having good antivirus software. The digital age has brought us many conveniences—but with it comes a new breed of invisible spies.
Read more »
Ransomwares
corporate network breach Cyber Security firewall vulnerability Forescout Research Labs Fortnite Hacker attack Ransomware attack Ransomwares

Hackers Exploit Fortinet Firewall Bugs to Deploy Ransomware

 

Cybersecurity researchers have uncovered a new attack campaign in which hackers are exploiting vulnerabilities in Fortinet firewalls to breach corporate networks and deploy ransomware. The hacking group, tracked as “Mora_001,” is leveraging two specific flaws in Fortinet’s firewall software to infiltrate systems and launch a custom ransomware strain called “SuperBlack.” 

These vulnerabilities, tracked as CVE-2024-55591 and CVE-2025-24472, have been actively exploited since December 2024, despite Fortinet releasing patches in January 2025. Many organizations have yet to apply these critical updates, leaving their networks vulnerable. Once inside a network, the attackers conduct reconnaissance to identify valuable data before deploying ransomware. Instead of immediately encrypting files, they first exfiltrate sensitive information, a tactic that has become increasingly common among ransomware groups seeking to pressure victims into paying a ransom to prevent data leaks. 

Security researchers at Forescout observed that the Mora_001 group selectively encrypted file servers only after stealing critical data, making their attacks more damaging and difficult to recover from. There is strong evidence linking Mora_001 to the notorious LockBit ransomware gang. The SuperBlack ransomware strain appears to be based on a leaked builder from LockBit 3.0 attacks, and the ransom notes left by Mora_001 include the same contact details previously used by LockBit affiliates. This suggests that Mora_001 may be a current LockBit affiliate with distinct operational methods or a separate group that shares infrastructure and communication channels. 

Cybersecurity experts believe that Mora_001 is primarily targeting organizations that have not yet applied Fortinet’s security patches. Companies that failed to update their firewalls or properly harden their network configurations when the vulnerabilities were first disclosed are at the highest risk. The ransom notes used in these attacks also bear similarities to those used by other cybercriminal groups, such as the now-defunct ALPHV/BlackCat ransomware gang, further indicating connections within the ransomware ecosystem. 

Despite Fortinet releasing fixes for the affected vulnerabilities, unpatched systems remain an easy target for attackers. Security professionals are urging organizations to update their firewalls immediately and implement additional security measures to prevent unauthorized access. Best practices include applying all available patches, segmenting networks to restrict access to critical systems, monitoring for suspicious activity using endpoint detection and response tools, and maintaining secure offline backups. Organizations that fail to take these precautions risk falling victim to sophisticated ransomware attacks that can result in severe financial and operational damage.
Read more »
Hackers
CVE CVE exploits CVE vulnerability Cyber Security data security Data Theft Hacker attack Hackers

Hackers Exploit ThinkPHP and ownCloud Vulnerabilities from 2022 and 2023

 

Hackers are increasingly exploiting outdated security flaws in poorly maintained systems, with vulnerabilities from 2022 and 2023 seeing a surge in attacks. According to threat intelligence platform GreyNoise, malicious actors are actively targeting CVE-2022-47945 and CVE-2023-49103, affecting the ThinkPHP Framework and the open-source ownCloud file-sharing solution. 

Both vulnerabilities are critical, allowing attackers to execute arbitrary commands or steal sensitive data, such as admin credentials and license keys. CVE-2022-47945 is a local file inclusion (LFI) flaw in ThinkPHP versions before 6.0.14. If the language pack feature is enabled, unauthenticated attackers can remotely execute operating system commands. 

Akamai reported that Chinese threat groups have exploited this flaw since late 2023, and GreyNoise recently detected 572 unique IPs actively attacking vulnerable systems. Despite having a low Exploit Prediction Scoring System (EPSS) rating of just 7% and not being listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog, CVE-2022-47945 remains under heavy assault. 

The second vulnerability, CVE-2023-49103, impacts ownCloud’s file-sharing software. It stems from a third-party library that leaks PHP environment details through a public URL. After its disclosure in November 2023, hackers began exploiting the flaw to steal sensitive data. A year later, it was named one of the FBI, CISA, and NSA’s top 15 most exploited vulnerabilities. 

Even though a patch was released over two years ago, many ownCloud systems remain unpatched and exposed. GreyNoise recently observed malicious activity from 484 unique IPs targeting this vulnerability. To defend against these active threats, users are strongly advised to upgrade to ThinkPHP 6.0.14 or later and ownCloud GraphAPI 0.3.1 or newer. 

Taking vulnerable systems offline or placing them behind a firewall can significantly reduce the attack surface and prevent exploitation. As hackers continue to leverage older, unpatched vulnerabilities, staying vigilant with timely updates and robust security practices remains crucial in protecting critical systems and sensitive data.
Read more »
North Korea Hackers
Crypto Attack Cryptocurrency exchange Cyber Attacks DMM Hacker attack North Korea North Korea Hackers

North Korean Hackers Suspected in $70M Phemex Crypto Exchange Exploit

 

A significant cyberattack on the Singapore-based cryptocurrency exchange Phemex has resulted in the loss of over $70 million in digital assets. Blockchain security experts believe the incident may be linked to North Korean hackers. The breach was detected on Thursday, prompting Phemex to suspend withdrawals after receiving alerts from security firms about unusual activity. 

Initially, approximately $30 million was reported stolen, but the attack persisted, leading to further asset depletion. The company’s CEO, Federico Variola, confirmed that the exchange’s cold wallets remained intact and unaffected. According to cybersecurity analysts, the tactics used in this attack resemble previous high-profile exploits targeting crypto exchanges.

The perpetrators swiftly transferred various tokens across multiple blockchain networks, beginning with high-value assets such as Bitcoin (BTC), Ethereum (ETH), and Solana (SOL), along with stablecoins like USDC and USDT. Since stablecoins can be frozen, the attackers quickly converted them into Ethereum before moving on to smaller, less liquid tokens. 

Researchers tracking the breach noted that hundreds of different cryptocurrencies were stolen, with attackers draining even minor altcoins. The process was reportedly carried out manually rather than through automated scripts, with assets transferred to fresh addresses before being laundered through additional layers of transactions. Experts believe the scale and coordination suggest the involvement of an experienced hacking group.  

A pseudonymous investigator known as SomaXBT.eth pointed to a North Korean-affiliated group as the likely culprit, noting similarities between this incident and previous attacks attributed to state-backed hackers. Another security analyst compared the breach to the attack on Japan’s DMM platform, which resulted in the theft of $308 million and was linked to the North Korean hacking group TraderTraitor. Data from blockchain explorers shows that the attackers utilized at least 275 transactions across Ethereum-based chains, using multiple addresses to siphon funds from networks such as Arbitrum, Base, Polygon, Optimism, and zkSync. 

Additionally, transactions were tracked across Avalanche, Binance Smart Chain, Polkadot, Solana, and Tron. A primary wallet connected to the breach handled at least $44 million in stolen funds, while notable amounts included $16 million in SOL, $12 million in XRP, and $5 million in BTC. Despite the losses, Phemex still holds roughly $1.8 billion in assets, the majority of which are in its native PT token, followed by significant holdings in Bitcoin and USDT. 

The exchange has announced that it is developing a compensation plan for affected users. As of the latest reports, activity from the attacker’s addresses appears to have ceased, with the final recorded transactions occurring around 10:00 AM ET.
Read more »
MirrorFace
Cyber Defence Cyber Security DDoS Hacker attack Hacker group Japan Japan Cyber Security MirrorFace

Japan’s New Active Cyber Defence Strategy to Counter Growing Threats

 

Japan is taking decisive steps to enhance its cybersecurity through a new strategy of “active cyber defence.” This approach enables authorized hackers working for the police or Self-Defence Forces (SDF) to infiltrate servers and neutralize cyber-attack sources before they cause significant damage. The ruling Liberal Democratic Party (LDP), led by Prime Minister Shigeru Ishiba, plans to introduce relevant legislation during the current parliamentary session. The urgency for stronger cybersecurity measures has escalated due to recent attacks. 

The National Police Agency (NPA) revealed that the Chinese state-linked hacking group MirrorFace was responsible for over 200 cyberattacks targeting Japan’s foreign ministries and semiconductor industry between 2019 and 2024. Additionally, cyber incursions since late December 2024 disrupted financial services, delayed flights, and exposed vulnerabilities in Japan’s critical infrastructure. Japan’s revised 2022 National Security Strategy identifies cyberattacks as a growing threat, likening cross-border hacks of civilian infrastructure to intimidation tactics that stop short of war. 

This has prompted Japan to expand its SDF cyber unit from 620 members in March 2024 to about 2,400 today, with plans to reach 4,000 personnel by 2028. However, this remains small compared to China’s estimated 30,000-member cyber-attack force. The proposed active defence strategy aims to bolster cooperation between public and private sectors, focusing on safeguarding critical infrastructure, such as energy, transportation, finance, and telecommunications. Japan also plans to establish a National Cyber Security Office in 2025 to coordinate cybersecurity policy, identify vulnerabilities, and advise private sector organizations. 

To prevent misuse, strict safeguards will accompany the strategy. Hackers will need prior approval to break into servers unless immediate action is required during active attacks. Penalties will address excessive monitoring or personal data leaks, ensuring transparency and public trust. Trend Micro’s recent findings underscore the importance of these measures. The security firm attributed recent cyberattacks to distributed denial-of-service (DDoS) campaigns launched by botnets. These attacks overwhelmed network servers with data, causing widespread disruptions to services like Japan Airlines and major banks. 

While Japan’s proactive approach is a significant step forward, experts like Professor Kazuto Suzuki caution that it may not deter all attackers. He notes that cyber deterrence is challenging due to the unpredictability of attackers’ methods. However, this strategy is expected to instill some fear of retaliation among hackers and strengthen Japan’s cybersecurity posture. As cyber threats evolve, Japan’s active defence initiative represents a critical effort to protect its infrastructure, economy, and national security from escalating digital risks.
Read more »
Subscribe to: Posts (Atom)