ScorpSec
The ScorpSec Telegram Channel shares cyber security news, ethical hacking resources, and educational content on online security and privacy.
Free Wi-Fi Leaves Smart Buses Exposed to Hackers

🔓 At DEF CON, researchers Chiao-Lin ‘Steven Meow’ Yu of Trend Micro Taiwan and Kai-Ching ‘Keniver’ Wang of CHT Security revealed that smart buses are vulnerable to remote cyberattacks due to poor network security.

📡 They discovered that the same M2M router powers both the free passenger Wi-Fi and critical APTS and ADAS systems. After bypassing weak authentication, they accessed the admin interface and moved into sensitive bus functions.

⚠️ Vulnerabilities included command injections and an MQTT backdoor, giving attackers remote control. Hackers could track buses, access onboard cameras (with default passwords), and even manipulate route displays or steal passenger/driver data.

🛰️ With no encryption or authentication, attackers could launch MITM attacks, falsify GPS locations, forge engine speed (RPM) data, or set false “out of service” alerts - disrupting schedules and even delaying emergency response.

📢 Despite attempts at responsible disclosure to router maker BEC Technologies and Taiwan’s Maxwin, no fixes have been made. The unpatched vulnerabilities may affect buses beyond Taiwan, as the systems support multiple languages.
Password reset required for Plex streaming platform users, after data breach

🔐 Streaming platform Plex disclosed a data breach involving a user database, exposing usernames, emails, scrambled passwords, and some authentication data. The company warned that while passwords were scrambled, it’s unclear if they can be deciphered.

⚠️ Plex is asking customers to reset passwords via its official form and to sign out of connected devices. Unlike other firms, Plex did not enforce an automatic reset, leaving it up to users to act.

🕵️ The company admitted it has addressed the method of attack but has not shared details about the incident, risks, or the hashing algorithm used to scramble passwords - raising concerns about whether weak encryption was applied.

🌍 With about 25 million users worldwide, the scale of the breach remains unknown. Plex has not said how many accounts were compromised, when the hack occurred, or how long attackers had access.

📢 The company also declined to reveal if hackers made any ransom demands. A Plex spokesperson later reiterated the same limited information without answering specific questions, leaving many unresolved concerns.
Jaguar Land Rover Confirms Data Breach After Cyberattack

🏭 Jaguar Land Rover (JLR) has admitted that the recent cyberattack, which forced factory shutdowns in the UK, China, Slovakia, and India, also led to a data breach. Operations were severely disrupted as the company disconnected key systems.

Just two days ago, JLR extended the shutdown of its manufacturing facilities while continuing to restore impacted systems. Workers in several countries were told to stay at home during the disruption.

📢 In a statement, JLR confirmed that some data has been affected and that it has notified regulators. The company said its forensic investigation is ongoing and promised to contact individuals if their data was compromised.

🕵️ The cybercrime group Scattered Spider has taken credit for the attack. The group has also been tied to recent hits on UK retailers and industries worldwide.

🔥 This marks the second major cyber incident for JLR this year. In March, the Hellcat ransomware group claimed to have stolen hundreds of gigabytes of the automaker’s data.
Panama Ministry of Economy Hit by Cyber Incident

💻 The Ministry of Economy and Finance (MEF) of Panama disclosed a cyberattack affecting one of its workstations. Officials said security protocols were activated immediately, the incident was contained, and core systems remain unaffected.

🛡️ MEF emphasized that personal and institutional data are safe, with operations continuing normally. Preventive measures were reinforced across the entire IT system to block further intrusions.

🕵️ However, the INC Ransom gang claimed responsibility, alleging they stole 1.5 TB of sensitive data, including emails, financial documents, and budgeting files. The group posted data samples on its dark web leak site on September 5 as proof.

🌍 MEF plays a crucial role in managing fiscal policy, debt, and Panama Canal revenues. Despite the gang’s claims, officials maintain that no critical systems were compromised.

💣 INC Ransom, active since mid-2023, has targeted major organizations like Yamaha Motor, Scotland’s NHS, and McLaren Health Care. In 2024, their ransomware source code was reportedly offered for sale on a Russian forum for $300,000.
Man Gets Over 4 Years In Prison for Selling Unreleased Movies

🛑 A Memphis man, Steven R. Hale (37), was sentenced to 57 months in prison for stealing and selling unreleased DVDs and Blu-rays while working at a manufacturing and distribution company.

💿 Between Feb 2021 and Mar 2022, Hale stole and sold discs of blockbusters like "Godzilla v. Kong," "Dune," "Black Widow," and "Shang-Chi." He also leaked a ripped copy of "Spider-Man: No Way Home" online over a month before its official release.

💸 Prosecutors say the leaks caused tens of millions of dollars in losses. Hale admitted to criminal copyright infringement, agreed to repay damages, and returned 1,160 seized discs.

🔫 Already a convicted felon, Hale also pleaded guilty to illegally possessing a firearm found loaded at his home.

🎟️ In a separate case, prosecutors charged two ex-contractors for StubHub with making $635,000 by reselling nearly 1,000 stolen tickets for Taylor Swift’s Eras Tour, the U.S. Open, and major concerts. They face up to 15 years in prison.
Hackers Target Vietnam’s Credit Database in Major Breach

💻 Vietnam’s National Credit Information Center (CIC), run by the State Bank of Vietnam, has been hit by a hacker attack targeting sensitive creditor data. The country’s cybersecurity agency confirmed signs of unauthorised access aimed at stealing personal information, though the full extent is still under review.

🕵️ Authorities suspect the notorious Shiny Hunters group, known for attacking Google, Microsoft, and Qantas, is behind the breach. In a letter dated September 11, CIC assured banks that services remain functional and there has been no disruption or damage so far.

🏦 The central bank has not commented, and the number of potentially compromised accounts was not disclosed.

📈 JPMorgan warned investors the incident could drive higher cybersecurity costs and pose a risk to deposit flows. However, it maintained confidence in Vietnamese banks, unless wider fallout emerges.

🔐 A 2024 report by Viettel revealed that data leaks in Vietnam surged sharply, with 14.5 million accounts leaked - about 12% of global cases. This latest attack underscores the rising cyber risks facing Vietnam’s financial sector.
Massive 600 GB Leak Exposes Inner Workings of China’s Great Firewall

💾 The leak includes an extensive file tree and software packages used to maintain the Great Firewall. It shows the Firewall as not just a political tool but a complex technical system, maintained like large-scale corporate software.

📜 Documents trace the rise of MESA (2012) and Geedge Networks (2018). MESA grew through research grants, government contracts, and talent programs, while Geedge quickly became a key private partner supporting censorship and exporting surveillance solutions.

🛡️ The leak reveals the Firewall is a dynamic network, shaped by government projects, research institutes, and private companies. Analysts suggest it will take months to fully understand the source code and its implications.

⚠️ Hacktivists warn that examining the files should be done in isolated environments due to potential malware or tracking elements. The leak provides a rare opportunity for researchers and rights groups to study how the system operates.

🔍 Groups like Net4People and GFW Report plan to analyze and share findings over time. For now, the trove offers an unprecedented look at the Firewall’s reach and influence.

Source: hackread[.]com
North Korean and Chinese hackers weaponize chatbots

🔍 Hackers from North Korea and China are using AI tools to create convincing fake credentials and run espionage. Models like ChatGPT, Claude, and Gemini are named as utilities these groups exploit to draft documents, code, and social posts.

🎭 Kimsuky - a North Korean group - used AI to produce a mock South Korean military ID attached to phishing emails that impersonated official defense institutions. Small prompt tweaks let models output realistic sample designs that skirt safeguards.

🧑‍💻 In other campaigns, attackers used AI-generated résumés and portfolios to win remote jobs at major firms, then passed coding tests and completed assignments to maintain access. Fraudulent remote employment becomes a vector for deeper intrusion.

🛠️ Chinese-linked actors treated models as technical assistants - asking for code, password-bruteforcing scripts, and network reconnaissance to target telcos, agricultural systems, and government databases. AI sped up planning and execution across months-long campaigns.

⚠️ Security teams and model makers are updating defenses, but experts warn AI lowers the barrier to personalized scams, deepfakes, and targeted phishing. Stronger verification, model safeguards, and vigilant hiring checks are needed as attackers scale with generative tools.
Luxury Giants Hit by Data Breach: Millions of Customer Records Stolen

🛍️ Cyber criminals known as Shiny Hunters have stolen private details of potentially millions of customers from Balenciaga, Gucci, and Alexander McQueen. The stolen data includes names, emails, phone numbers, addresses, and even total amounts spent at the luxury stores worldwide.

🔒 Parent company Kering confirmed the breach, stating that no financial data like bank or card details were taken. The firm has notified affected individuals directly but has not made any public announcement, since it’s not legally required if customers are contacted privately.

📧 Shiny Hunters claim to hold 7.4 million email addresses, with a small verified sample showing customers who spent $10,000–$86,000. Experts warn this could make high spenders targets for further scams or cyberattacks if the data is leaked.

⚠️ The attack, which occurred in April, was part of a wider wave of hacks hitting luxury brands like Cartier and Louis Vuitton. Kering says it has since secured its systems and refused to pay any ransom, following law enforcement advice.

🔎 Cyber experts, including Google, link Shiny Hunters (also tracked as UNC6040) to attacks using phishing tricks on employees to steal logins for internal software. This continues a growing trend of high-profile breaches against global brands.
Hacking Forum Admin Resentenced to 3 Years in Prison

👤 Conor Brian Fitzpatrick, aka “Pompompurin”, the 22-year-old creator of BreachForums, has been resentenced to three years in prison. A federal appeals court overturned his earlier punishment of time served plus 20 years of supervised release.

⚖️ Fitzpatrick was arrested in March 2023 after admitting to the FBI that he ran the forum. He pled guilty in July 2023 to conspiracy to commit access device fraud, solicitation to offer access, and possession of CSAM.

📱 Court documents reveal he violated pretrial release conditions by using VPNs and unmonitored devices to secretly access the internet. Despite prosecutors seeking 15+ years, he initially received just 17 days in jail and home confinement.

🏛️ After a DOJ appeal, the U.S. Court of Appeals for the Fourth Circuit ruled the sentence too lenient and ordered a new one. Today, Fitzpatrick received a three-year prison term for his offenses.

💻 BreachForums was one of the largest English-language hacking forums, with over 330,000 members. It became infamous for selling and leaking stolen corporate and government data, until the FBI seized the site following the D.C. Health Link breach.
🚨 ChatGPT Targeted in Server-Side Attack Called ShadowLeak

🛡️ Researchers at Radware uncovered ShadowLeak, a server-side data theft method targeting ChatGPT’s Deep Research feature. Unlike typical client-side attacks, this exploit worked directly from OpenAI’s servers, making it harder to trace.

📧 The attack required no user clicks. A crafted email with hidden prompts could trick the agent into exfiltrating data via a harmless-looking URL (e.g., hr-service.net/{parameters}). The attacker’s instructions included authorization tricks, retries, urgency, and even bypass tactics.

🌐 While other companies like Zenity and Aim Security showcased client-side exploits (AgentFlayer, EchoLeak), ShadowLeak was unique for operating purely on the server-side. It could target data from services like Gmail, Google Drive, Dropbox, Outlook, Notion, Teams, and even GitHub.

OpenAI was alerted on June 18 and quietly fixed the flaw by early August. Radware confirmed ShadowLeak no longer works but warned the threat surface remains large and undiscovered vectors likely exist.

🔍 The firm recommends continuous monitoring of AI agent behavior - tracking both actions and inferred intent - to block deviations from the user’s goals in real time and prevent future data theft attempts.
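An added defensive sketch, not Radware's or OpenAI's code: a guard placed in front of an agent's URL-fetch tool that refuses requests whose path or parameters carry values the agent has read from the user's private context, even when they are URL-encoded or base64-encoded. The context dictionary, hostname and sample values are constructed for the demo.

```python
# Added example (not Radware's or OpenAI's code): a guard that sits between an
# AI agent and its "fetch URL" tool and refuses requests whose parameters carry
# values from the user's private context. This targets the ShadowLeak pattern:
# an injected instruction asks the agent to "look up" a URL whose parameters
# secretly encode mailbox data. All names, sample values and the context
# model are assumptions constructed for the demo.

import base64
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample of what the agent has already read from the user's mailbox.
USER_CONTEXT = {
    "employee_email": "jane.doe@example.com",
    "employee_id": "EMP-48213",
    "home_address": "12 Sample Street",
}


def _decodings(value: str):
    """Yield plausible plaintexts of a parameter value: raw, URL-decoded, base64."""
    yield value
    yield unquote(value)
    padded = value + "=" * (-len(value) % 4)
    try:
        yield base64.urlsafe_b64decode(padded).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError: not base64, ignore
        pass


def _normalize(s: str) -> str:
    """Lower-case and strip punctuation so 'EMP-48213' and 'emp_48213' compare equal."""
    return re.sub(r"[^a-z0-9@]", "", s.lower())


def leaked_fields(url: str, context: dict = USER_CONTEXT) -> list:
    """Return names of context fields whose values appear in the URL's path or parameters."""
    parts = urlsplit(url)
    candidates = [parts.path]
    for _, v in parse_qsl(parts.query, keep_blank_values=True):
        candidates.append(v)
    if parts.fragment:
        candidates.append(parts.fragment)
    found = []
    for name, secret in context.items():
        needle = _normalize(secret)
        if not needle:
            continue
        for raw in candidates:
            if any(needle in _normalize(d) for d in _decodings(raw)):
                found.append(name)
                break
    return found


def allow_fetch(url: str, context: dict = USER_CONTEXT) -> bool:
    """Policy: the agent may fetch a URL only if it carries none of the user's data."""
    return not leaked_fields(url, context)


if __name__ == "__main__":
    for u in ["https://hr-service.example/lookup?ref=abc",
              "https://hr-service.example/lookup?email=jane.doe%40example.com",
              "https://hr-service.example/lookup?id=RU1QLTQ4MjEz"]:
        print(u, "->", "allow" if allow_fetch(u) else f"block {leaked_fields(u)}")
```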
FBI Warns About Fake Crime Reporting Portals

🕵️‍♂️ The FBI has issued a warning about cybercriminals creating spoofed websites that mimic its official Internet Crime Complaint Center (IC3) portal. These fake sites aim to steal personal and financial information from unsuspecting visitors.

🌐 Attackers often use slightly altered domains - such as icc3[.]live, ic3a[.]com, or others - by changing spellings or using different top-level domains. Ironically, one fake site even copied the FBI’s own warning notice against impersonation scams.

💸 The agency says such websites may be used in financial scams or for harvesting PII (name, address, phone, email, banking details). Victims are reminded that the real site is ic3[.]gov and should be accessed directly, not via search engines or sponsored links.

The FBI and IC3 never contact victims directly via phone, email, or social media, and they will never ask for money, crypto, or gift cards to recover funds. Requests for payments to recover stolen assets are always scams.

🌍 Similar frauds have been reported globally, including arrests in Spain where suspects posed as Europol agents or U.K. lawyers to trick victims of crypto scams. The FBI stresses: stay alert, protect your data, and report suspicious activity only through ic3[.]gov.
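As an added illustration (not code from the FBI or this channel), a small Python checker that applies the warning's own criteria, an altered spelling of the "ic3" label or a changed top-level domain, to a list of defanged domains; the sample list is constructed except for icc3[.]live and ic3a[.]com, which the warning names.

```python
# Added example, not from the FBI or the channel: a checker that flags domains
# imitating the real IC3 portal (ic3.gov) using the two tricks the warning
# describes, altered spellings of the "ic3" label and a swapped top-level
# domain. Inputs may be defanged with "[.]" as in the post. The sample list
# below is constructed, except icc3[.]live and ic3a[.]com, which the warning
# itself names.

from dataclasses import dataclass, field

LEGIT_DOMAIN = "ic3.gov"


def refang(domain: str) -> str:
    """Turn a defanged indicator such as 'ic3[.]gov' back into 'ic3.gov'."""
    return domain.strip().lower().replace("[.]", ".").replace("(.)", ".")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


@dataclass
class Verdict:
    domain: str
    legit: bool
    reasons: list = field(default_factory=list)


def classify(domain: str, legit: str = LEGIT_DOMAIN, max_edits: int = 2) -> Verdict:
    """Compare the registrable part of `domain` with the genuine IC3 domain."""
    d = refang(domain)
    labels = d.split(".")
    if len(labels) < 2:
        return Verdict(d, False, ["not a fully qualified domain"])
    # The real site and any host beneath it (e.g. www.ic3.gov) are fine.
    if ".".join(labels[-2:]) == legit:
        return Verdict(d, True)
    name, tld = labels[-2], labels[-1]
    legit_name, legit_tld = legit.split(".")
    reasons = []
    if name == legit_name:
        reasons.append(f"correct name '{name}' but wrong TLD '.{tld}'")
    elif edit_distance(name, legit_name) <= max_edits:
        reasons.append(f"'{name}' is within {max_edits} edits of '{legit_name}'")
        if tld != legit_tld:
            reasons.append(f"and uses '.{tld}' instead of '.{legit_tld}'")
    elif legit_name in name:
        reasons.append(f"'{name}' embeds the real name '{legit_name}'")
    if legit + "." in d:
        # e.g. ic3.gov.example.net: the real domain is only a subdomain label
        reasons.append("real domain appears as a subdomain of another host")
    return Verdict(d, False, reasons)


def lookalikes(domains) -> list:
    """Return verdicts for every domain that imitates the genuine site."""
    return [v for v in map(classify, domains) if not v.legit and v.reasons]


# Constructed sample; icc3[.]live and ic3a[.]com come from the FBI warning.
SAMPLE = ["ic3[.]gov", "www.ic3.gov", "icc3[.]live", "ic3a[.]com",
          "ic3[.]org", "ic3.gov.example.net"]

if __name__ == "__main__":
    for v in lookalikes(SAMPLE):
        print(f"{v.domain}: {'; '.join(v.reasons)}")
```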
Massive Cyber-Attack Paralyzes Major European Airports

🛑 Thousands of passengers faced cancellations and long delays after a cyber-attack hit check-in systems at Heathrow, Berlin, and Brussels. Staff were forced to issue handwritten boarding passes, causing hours-long queues.

💻 The attack targeted software by Collins Aerospace, a US firm that also works on defense contracts for Nato. While some speculated a Russian link, experts at RUSI said most such incidents are likely opportunistic ransomware attempts.

📉 By Saturday afternoon, 29 flights were cancelled out of more than 1,000 departures. Collins confirmed a cyber-related disruption but said the impact was limited to check-in and baggage drop, with manual processes in place as backup.

😓 Passengers described the ordeal as an “absolute nightmare”. At Heathrow, some waited up to 10 hours, with one traveler stranded alongside her cat after starting her journey at 3am.

⚠️ The National Cyber Security Centre is working with Collins, airports, and police. Brussels officials confirmed a cyber-attack, while Heathrow and Berlin cited a technical issue. The timing raised suspicion, as it coincided with Russian military activity near Nato airspace.
Samsung to Display Ads On Smart Refrigerators

🧊 Samsung confirmed it will begin displaying advertisements on the touchscreen of its Family Hub refrigerators in the U.S. The update is part of a pilot program aimed at “enhancing everyday value” for appliance owners.

💰 The Family Hub fridge costs at least $1,799 and comes with apps for task management and entertainment. With the update, ads will appear on the cover screen when idle. Users can dismiss specific ads, and none will show in Art Mode or when displaying photo albums.

📈 Samsung says the pilot will not collect consumer data during this phase, but concerns about privacy and smart appliances tracking users remain.

📺 This isn’t Samsung’s first push - its “screens everywhere” strategy has already expanded to washers and dryers. The company faced backlash in 2015 for inserting pop-up ads on smart TVs, even into locally stored content.

🏠 Samsung argues digital screens act as a central hub for managing appliances, saving time and effort. While the company once denied plans for ads on smart displays, this pilot signals a shift, leaving customers to wonder if “grabbing orange juice” now comes with an ad break.
New Ransomware Targets Windows, Linux & VMware ESXi

🖥️ A new ransomware operation called BlackLock has emerged, evolving from its earlier identity El Dorado. Active since March 2024 and rebranded in September, it now poses a global threat, hitting diverse industries across multiple countries.

⚙️ Written in Go, BlackLock runs on Windows, Linux, and VMware ESXi, allowing attackers to compromise entire infrastructures. Operating under a Ransomware-as-a-Service (RaaS) model, the group recruits affiliates on Russian-speaking forums like RAMP.

🔐 The malware uses advanced encryption via ChaCha20 with unique keys per file, plus ECDH key exchange for metadata protection. Each file carries encrypted victim details and keys, making recovery nearly impossible without attacker tools.

🌐 BlackLock spreads through SMB shares with plaintext passwords or NTLM hashes, enabling lateral movement. It also sabotages recovery by targeting VSS and Recycle Bin through stealthy WMI queries, avoiding easy detection.

📄 Victims receive ransom notes titled HOW_RETURN_YOUR_DATA.TXT, warning of business disruption and data leaks if unpaid. Experts stress the need for endpoint protection, network segmentation, and secure backups to defend against this rising threat.
Meta’s Llama AI Approved for U.S. Government Use

📢 The U.S. General Services Administration (GSA) has approved Meta’s AI system Llama for use by federal agencies. This move comes as the Trump administration pushes to bring commercial AI tools into government operations.

With GSA’s approval, agencies can now experiment with Llama, a free large language model that processes text, video, images, and audio. The system has passed the government’s security and legal standards.

💼 GSA has also recently cleared AI tools from Amazon Web Services, Microsoft, Google, Anthropic, and OpenAI. These companies agreed to provide discounted access while meeting strict security requirements.

🔧 Federal agencies are expected to use Llama to speed up contract reviews, handle IT problems faster, and support other administrative tasks.

🤝 “It’s not about currying favor,” said GSA’s Josh Gruenbaum, stressing that the initiative is about collaboration to strengthen the country’s AI capabilities.
Teen Hacker Behind $100M Vegas Cyberattack Busted

🎰 A male juvenile has been taken into custody for a “sophisticated” cyberattack that hit major Las Vegas casinos, including MGM Resorts and Caesars Entertainment. The attack, carried out between August and October 2023, caused losses of around $100 million.

🕵️ The intrusions were linked to the hacker group “Scattered Spider”, also known as Octo Tempest, UNC3944, and Oktapus. Investigators revealed the scheme was surprisingly simple - an attacker used LinkedIn to impersonate an employee, then tricked MGM’s IT department into a quick password reset.

🎲 Once inside, hackers disabled slot machines, blocked hotel key cards, cut off employee emails, and shut down reservations. MGM later disclosed the $100M loss in a filing with the SEC. Around the same time, Caesars confirmed a separate breach, where hackers accessed customer data, including driver’s licenses and social security numbers.

💰 Caesars admitted it had taken steps to “delete” the stolen data, but experts believe the company paid a ransom. The FBI’s Cyber Task Force and LVMPD tracked the suspect, who turned himself in on Sept. 17.

⚖️ The teen faces charges of extortion, identity theft, and computer crimes. While his name remains undisclosed due to his age, prosecutors may seek to charge him as an adult.
Fake Password Managers Spread Malware to Mac Users

🖥️ LastPass has issued an alert about a malicious campaign targeting macOS users with fake password managers and other popular apps. The scheme uses fraudulent GitHub repositories to spread the Atomic (AMOS) info-stealing malware.

⚠️ The malware is delivered through ClickFix attacks, tricking users into pasting commands in Terminal. These commands download an AMOS payload from a hidden server. Recently, AMOS added a backdoor, giving attackers persistent access to infected devices.

🎭 Attackers impersonate over 100 software solutions, including 1Password, Dropbox, Notion, Fidelity, Gemini, Adobe After Effects, and more. They boost fake repositories through SEO tactics on Google and Bing, making them appear legitimate.

🔗 Victims are lured by a “download button” on GitHub, redirected to another site, and tricked into installing malware. LastPass warns that attackers use multiple accounts to evade takedowns and quickly spin up new repositories.

🛡️ To stay safe, users should avoid unknown Terminal commands and only download apps from official websites or trusted vendors. If a macOS version isn’t available from the official source, it’s likely fake.
📡 The U.S. Secret Service dismantled a large network of SIM servers and devices across the New York tristate area, posing an imminent telecommunications threat near the United Nations General Assembly. Over 300 servers and 100,000 SIM cards were seized.

📞 These devices enabled anonymous telephonic threats against senior U.S. officials and could launch denial of service attacks, disable cell towers, and provide encrypted communication channels for criminal enterprises and nation-state actors.

🛡 Secret Service Director Sean Curran stressed the massive potential disruption such a network posed, noting the agency’s mission is focused on prevention. He warned that threats to protectees will be swiftly investigated, tracked down, and dismantled.

🤝 The operation was led by the agency’s new Advanced Threat Interdiction Unit, with support from DHS, DOJ, ODNI, NYPD, and other law enforcement partners. The investigation is ongoing as forensic analysis continues.

Source: secretservice[.]gov
Major Casino Operator Hit by Cyberattack, Data Stolen

🛡️ US casino operator Boyd Gaming Corporation confirmed it suffered a cyberattack, with threat actors gaining access to its systems and stealing data. Exposed information includes employee details and data of a limited number of other individuals.

🏢 The company operates 28 gaming properties across ten US states and manages a tribal casino in California. With over 16,000 employees and a $3.9B annual revenue (2024), Boyd Gaming is one of the major players in the casino industry.

📑 In a FORM 8-K filing with the SEC, Boyd said it is working with external cybersecurity experts and has notified law enforcement. Impacted individuals, regulators, and agencies are being informed as required.

💾 Boyd confirmed attackers removed data from its IT systems but stressed that operations remain unaffected. The company does not expect a material financial impact and says its cybersecurity insurance will cover incident-related costs.

So far, no ransomware groups or threat actors have claimed responsibility. Boyd Gaming has not yet responded to media inquiries.
Microsoft Restricts Israeli Military Unit’s Access to Cloud & AI Services

🛰️ Microsoft has disabled certain cloud and AI services used by a unit within Israel's Defense Ministry, after finding evidence that its technology was involved in mass surveillance of Palestinians in Gaza and the West Bank. The move follows a report by The Guardian, +972 Magazine, and Local Call, which revealed that the IDF’s Unit 8200 relied on Microsoft Azure for storing vast amounts of civilian phone data.

💾 Microsoft confirmed that its review found indications of the Defense Ministry’s use of Azure storage in the Netherlands and AI services. “We do not provide technology to facilitate mass surveillance of civilians,” said Brad Smith, the company’s president.

⚠️ The Israeli army admitted it was prepared for this scenario, saying it had already created backups and alternative solutions. While there is no immediate operational damage, officials warned that long-term boycotts and embargoes by companies and countries could pose a serious challenge.

👩‍💻 The decision does not affect Microsoft’s cybersecurity services for Israel and other Middle Eastern states. Meanwhile, in late August, the company fired four employees for staging protests against its ties to Israel, including a sit-in at the president’s office. Microsoft said the actions caused serious policy breaches and “significant safety concerns.”