Hot Topics

Lapsus$

a little teapot, short and stout

Lapsus$ Jury Says Teen Duo Did Do Crimes

| | Arion Kurtaj, Grand Theft Auto, Lapsus$, Ransomware, Rockstar Games, SB Blogwatch, Strawberry Tempest
Arion Kurtaj and anon minor: Part of group that hacked Uber, Nvidia, Microsoft, Rockstar Games and many more ...
Security Boulevard
DHS secretary Alejandro Mayorkas

Teenage Hackers Must be Stopped: US DHS’s CSRB Report

| | 2 factor auth, 2-factor authentication, 2fa, 2FA bypass, 2FA Flaws, 2FA phishing, 2FA policies, 2FA/MFA, cellphone fraud, CSRB, Cyber Safety Review Board, Department of Homeland Security, DHS, DUAL FACTOR AUTHENTICATION, factor auth, homeland security, Homeland Security Presidential Directive, homelandsecurity, Lapsus$, Multi-Factor Authentication, Multi-Factor Authentication (MFA), Multifactor Authentication, SB Blogwatch, SIM swap, sim swap fraud, SIM swap scams, SIM swapping, two factor authentication, U.S. Department of Homeland Security, United States Department of Homeland Security, US Homeland Security
2FA SMS FAIL: Lapsus$ social engineers exploited weak two-factor authentication. Something must be done! (Well, this is something.) ...
Security Boulevard
What We Know About The Grand Theft Auto VI Data Breach

What We Know About The Grand Theft Auto VI Data Breach

| | cyber threat intelligence, Data breaches, Illicit communities, Lapsus$, threat actor, threat actors, Threat Intelligence, video games
On September 18, a cyber threat actor named “teapotuberhacker” posted on GTAForums.com claiming to have hacked Rockstar Games, the creator of the popular and controversial Grand Theft Auto (GTA) series. The post ...
Threat Intelligence Blog | Flashpoint
DEA Investigating Breach of Law Enforcement Data Portal

DEA Investigating Breach of Law Enforcement Data Portal

| | A Little Sunshine, Data breaches, Department of Justice, Domain Block List, Doxbin, Drug Enforcement Administration, El Paso Intelligence Center, emergency data request, EPIC, esp.usdoj.gov, FBI, ICSI, KT, Lapsus$, Law Enforcement Inquiry and Alerts, LEIA, National Seizure System, Ne'er-Do-Well News, Nicholas Weaver, NSS, spamhaus, The Coming Storm, U.S. Drug Enforcement Agency
The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned ...
Krebs on Security
AI, defense, cybersecurity,

Five Security Lessons From the Lapsus$ Attacks

| | credential theft, insider threat, Lapsus$, pass-the-cookie attack, social engineering, supply chain
Threat groups like Lapsus$ are increasingly targeting the blind spots in otherwise robust corporate cybersecurity programs ...
Security Boulevard
Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code

Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code

| | A Little Sunshine, Amtrak, Apple, BitBucket, Breadcrumbs, Dan Goodin, Doxbin, Electronic Arts, emergency data request, Everlynn, Flashpoint, Genesis, Globant, Iqor, KT, Lapsus$, Lapsus$ Jobs, Michelin, Microsoft, Mobile Device Management, Mox, Ne'er-Do-Well News, Nvidia, Recursion Team, Russian Market, Samsung, SASCAR, SIM swapping, slack, source code theft, swatting, T-Mobile, T-Mobile Atlas, WhiteDoxbin
KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month ...
Krebs on Security
The Original APT: Advanced Persistent Teenagers

The Original APT: Advanced Persistent Teenagers

| | A Little Sunshine, Advanced Persistent Teenagers, Amit Yoran, APT, cisa, FBI, Lapsus$, Microsoft, Ne'er-Do-Well News, Nvidia, Okta, Samsung, Tenable, The Coming Storm, twitter hack, vishing, voice phishing, wired
Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection ...
Krebs on Security
Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill

Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill

| | A Little Sunshine, Apple, Bloomberg, Bug, Discord, facebook, Instagram, Lapsus$, Meta, Ne'er-Do-Well News, Sen. Ron Wyden, Snapchat, Twitter, Web Fraud 2.0
On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of ...
Krebs on Security
Hi-jacking Internet With A Pringles Can | Mr. Robot

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

| | Anitsu, data extortion, Discord, Doxbin, emergency data request, Everlynn, fake EDR, FBI, KT, Lapsus$, mark rasch, Microsoft, Miku, Ne'er-Do-Well News, Oklaqq, Palo Alto Networks, pompompurin, Recursion Team, The Coming Storm, Unit 221B, Web Fraud 2.0, White, WhiteDoxbin
There is a terrifying and highly effective "method" that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. It involves compromising ...
Krebs on Security
LAPSUS$ Hacks Okta, Browser-in-the Browser Phishing Attack, Software Package Wipe's Russian Systems

LAPSUS$ Hacks Okta, Browser-in-the Browser Phishing Attack, Popular Software Package Updated to Wipe Russian Systems

| | Browser-in-the-Browser, Cybersecurity, Data breach, Digital Privacy, Episodes, Hackers, Hacking, Information Security, Infosec, Lapsus$, Microsoft, Node-ipc, npm package, Okta, Phishing, Podcast, Privacy, Russia, security, social engineering, technology, Ukraine, Weekly Edition
The LAPSUS$ hacking group has claimed to have hacked both Microsoft and Okta, details about a novel phishing technique called a browser-in-the-browser (BitB) attack, and how a popular software package that has ...
The Shared Security Show
Load more