Cybersecurity News: Google hacked, loanDepot attacked, Netgear crypto scam victim

Google accounts hacked: No passwords required

Simply changing your password is no longer enough thanks to this Google exploit. An analysis from security firm CloudSEK discovered this new malware, which exploits third-party cookies to gain persistent access to Google accounts, even if the password is reset. The attackers are able to retrieve these cookies, which are typically designed to allow users to stay logged in without continuous authentication, effectively bypassing two-factor authentication. In a statement to The Independent, Google said, “We recommend turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads,” and that they have “taken action to secure any compromised accounts detected.”

(Tech.co)

loanDepot joins growing list of US mortgage lenders attacked

“loanDepot is experiencing a cyber incident.” That is the bulk of information the lending giant offered on their official company website on Monday. loanDepot confirmed the cyberattack in a filing with federal regulators, describing the incident as involving the “encryption of data” although the company would not confirm a ransomware attack. As a result, the company shut down certain systems but said, “Recurring automatic payments are processing as expected, but there may be a temporary delay in your payment history.” loanDepot is the fifth-largest retail mortgage lender in the U.S. and joins a list of other mortgage lenders including Mr. Cooper and Fidelity National Financial to be breached in recent months. 

(The Record)

Netgear and Hyundai’s X accounts latest to be compromised in crypto scam

Hackers hijacked verified X (formerly known as Twitter) accounts of tech giant Netgear and carmaker Hyundai to spread malware that steals crypto. The attackers renamed the account of Hyundai MEA (Middle East and Africa) to impersonate Overworld, which describes itself as a “cross-platform multiplayer RPG, backed by Binance Labs, the venture capital and incubator arm of the Binance cryptocurrency exchange.” The fake accounts led followers to a malicious website promising to give the first 1,000 newly registered users $100,000. But anyone who connected to the site would have their assets stolen. The impersonated account warns X followers that this frequently happens.

(Bleeping Computer)

Negotiations continue as LockBit claims attack on Capital Health

The Capital Health hospital network is under a deadline as the LockBit ransomware group says it will release additional stolen data and negotiation chats if the network does not pay up by Tuesday. The ransomware gang claimed responsibility for the attack by listing the healthcare company on its data leak extortion website. The group said it “Didn’t encrypt this hospital as to not interfere with patient care. We just stole over 10 million files.” The cybercriminals also claim to have stolen seven terabytes of sensitive medical data that they say they will release if the ransom is not paid.

(Bleeping Computer)

“Swatting” is back with a vengeance

Pay up or risk the police showing up to a patient’s home. That is the decision some healthcare providers are facing as ransomware hackers are increasingly using the “swatting” tactic. Consider it an extreme form of prank-calling, where the hacker will repeatedly call police about a certain individual, in this case the patient, making extreme allegations and forcing law enforcement to confront the unknowing individual. This tactic was most recently used when medical records were stolen from a cancer center last November.

(Dark Reading)

Ransomware gang unveiled as culprit behind Christmas church attack

The Rhysida ransomware gang has taken credit for the Christmas attack against the Lutheran World Federation. The federation, which represents around 77 million people worldwide, said the attack caused all their systems to go down in December. The Rhysida gang said it is ransoming the stolen information for 6 bitcoin, or about $280,000. The gang is responsible for dozens of attacks on governments around the world and major companies like Sony. 

(The Record)

Anti-Hezbollah group disrupts Beirut airport displays

The information display screens at Beirut’s international airport were hacked by domestic anti-Hezbollah groups. The departure and arrival information was replaced by a message accusing the Hezbollah group of putting Lebanon at risk of an all-out war with Israel. The screens displayed a message with logos from the hardline Christian group dubbed “Soldiers of God.” This group has denied its involvement in the hack.

(Security Week)

YouTube tightens regulations on AI-generated deepfakes

In response to the ever-popular true crime generation, YouTube is updating its cyberbullying and harassment policies to no longer allow content that “realistically simulates minors and other victims of crime narrating their deaths or the violence experienced.” The new policy will result in a strike system that ranges from removing the content on a specific channel to shutting down the page entirely. The new policies go into effect starting on January 16th, 2024.

(The Verge)

Lauren Verno
Lauren Verno, an award-winning journalist, embraces her expertise, transitioning seamlessly into a cyber defender to bring you captivating updates on cybersecurity news.