Russia goes over to static, positional defense against Ukraine’s counteroffensive. The final resolution of the Wagner Group mutiny remains unclear. KillNet has PMC aspirations. Read More
The CyberWire
The all in one place for non-profit security aid.
Russia goes over to static, positional defense against Ukraine’s counteroffensive. The final resolution of the Wagner Group mutiny remains unclear. KillNet has PMC aspirations. Read More
The CyberWire
AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics
Cybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date.
“The group uses double extortion tactics, combining data theft with encryption to pressure victims into paying ransoms,” Check Point Research said in a new report shared with The Hacker News. ” Read More
Tor Browser 13.0 Released: What’s New
[[{“value”:”
Tor Browser 13.0.14 has been released, bringing essential security updates to the popular privacy-focused web browser.
This latest version includes updates to the underlying Firefox browser and several bug fixes and improvements.
Updated Tor to 0.4.8.11: The Tor network software has been updated to the latest stable version, 0.4.8.11, which includes bug fixes and security improvements.
Firefox 115.10.0 ESR: The browser engine powering Tor Browser has been updated to the latest Extended Support Release (ESR) version of Firefox, 115.10.0.
Android Security Fixes: The Android version of Tor Browser has been backed up with security fixes from Firefox 125.
Bug Fixes: This release addresses several bugs, including issues related to timezone leaks, localization, and homepage settings.
Free Live Webinar for DIFR/SOC Teams: Securing the Top 3 SME Cyber Attack Vectors – Register Here.
All Platforms
Updated Tor to 0.4.8.11
Bug tor-browser#41676: Set privacy.resistFingerprinting.testing.setTZtoUTC as a defense-in-depth
Bug tor-browser#42335: Do not localize the order of locales for app lang
Bug tor-browser#42428: Timezone offset leak via document.lastModified
Bug tor-browser#42472: Timezone may leak from XSLT Date function
Bug tor-browser#42508: Rebase Tor Browser stable onto 115.10.0esr
Windows + macOS + Linux
Updated Firefox to 115.10.0esr
Bug tor-browser#42172: browser.startup.homepage and TOR_DEFAULT_HOMEPAGE are ignored for the new window opened by New Identity
Bug tor-browser#42236: Let users decide whether to load their home page on a new identity.
Bug tor-browser#42468: App languages not sorted correctly in stable
Linux
Bug tor-browser-build#41110: Avoid Fontconfig warning about “ambiguous path”
Android
Updated GeckoView to 115.10.0esr
Bug tor-browser#42509: Backport Android security fixes from Firefox 125
Tor Browser 13.0.14 is now available for download from the official Tor Browser download page and the project’s distribution directory.
Users are encouraged to update to this latest version to benefit from the security improvements and bug fixes.
If you encounter any issues or have suggestions for future improvements, the Tor team welcomes your feedback.
You can report bugs or share ideas through the project’s issue tracker.
Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP
The post Tor Browser 13.0 Released: What’s New appeared first on Cyber Security News.
“}]] Read More
Cyber Security News
Crypto Payment Firm Transak Hit by Data Breach After Employee’s Laptop Hack
Transak, a leading crypto payment services provider, has been affected by a significant data breach that affected over 92,000 users. The incident, which came to light on October 21, 2024, stemmed from a sophisticated phishing attack that compromised an employee’s laptop.
The breach exposed the sensitive personal information of 92,554 users, representing approximately 1.14% of Transak’s total user base. Compromised data includes names, dates of birth, passport details, driver’s license information, and selfies used for Know Your Customer (KYC) verification.
Transak CEO Sami Start emphasized that no financially sensitive information was accessed during the breach. “No bank statements, social security numbers, or credit card details were accessed, and even emails or passwords were not involved, which significantly reduces the severity of the incident,” Start stated in an interview.
The company, which provides non-custodial fiat-to-crypto gateways for major platforms like Binance, MetaMask, and Coinbase, has taken swift action to address the situation.
Transak has engaged leading cybersecurity firms and forensic experts to conduct a thorough investigation and has begun notifying affected users.
Join ANY.RUN’s FREE webinar on How to Improve Threat Investigations on Oct 23 – Register Here
Transak has implemented enhanced security protocols in response to the breach and is collaborating closely with its third-party KYC vendor to identify and rectify the vulnerabilities exploited during the attack.
According to company officials, the employee associated with the security incident has been terminated.
A ransomware group, Stormous, has claimed responsibility for the breach, asserting that it has obtained over 300 gigabytes of user data.
The group has threatened to leak or sell the remaining data if its demands are not met. However, Transak has stated that it is not considering negotiations with the ransomware group.
The incident has raised concerns about the security practices of crypto firms and their third-party vendors. It highlights the industry’s ongoing challenges in protecting user data against sophisticated cyber threats, particularly phishing attacks targeting employees.
Transak has assured users that their funds remain secure as the company operates on a non-custodial model. The firm has also notified relevant UK, EU, and US data protection authorities about the breach.
An official statement from Transak: https://t.co/fIYNcsg6LU pic.twitter.com/oBU2adLDI4
— Transak (@Transak) October 21, 2024
This security incident follows similar breaches in the crypto and finance sectors, including a recent attack on Fidelity Investments that exposed the personal data of over 77,000 customers.
As the investigation continues, Transak has committed to improving its security measures, including enhanced employee training, software upgrades, and system improvements to prevent future phishing and social engineering attacks.
The crypto community is closely watching how Transak handles this breach, as it could affect user trust and potentially lead to stricter regulations in the cryptocurrency sector.
Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Watch Here
The post Crypto Payment Firm Transak Hit by Data Breach After Employee’s Laptop Hack appeared first on Cyber Security News.