Casio confirms customer data stolen in a ransomware attack

Casio now confirms it suffered a ransomware attack earlier this month, warning that the personal and confidential data of employees, job candidates, and some customers was also stolen. The attack was disclosed Monday when Casio warned that it was facing system disruption and service outages due to unauthorized access to its networks during the weekend. Yesterday, the Underground ransomware group claimed responsibility for the attack, leaking various documents allegedly stolen from the Japanese tech giant’s systems.

Dutch government to physically replace tens of thousands of hackable traffic lights

Dutch authorities will have to replace tens of thousands of insecure road traffic lights over the next six years by 2030. Officials are taking this extreme and very expensive step after a security researcher found a vulnerability that could allow threat actors to change traffic lights on demand. The issue was discovered earlier this year by Alwin Peppels, a security engineer for Dutch security firm Cyber Seals. Peppels says threat actors can use a software-defined radio to send commands to the control boxes that sit next to traffic lights.

Healthcare attacks spread beyond US – just ask India’s Star Health

Leading Indian health insurance provider Star Health has admitted to being the victim of a cyber attack after criminals claimed they had posted records of 30-milion-plus clients online. When news of a potential break appeared in September, the firm asserted that initial assessments showed “no widespread compromises” and that “sensitive customer data remains secure.” At the time, a hacker who goes by “xenZen” was allegedly using two Telegram chatbots to leak the data.

Hackers made robot vacuums randomly yell racial slurs

Robot vacuums across the country were hacked in the space of several days, according to reporting by ABC News. This allowed the attackers to not only control the robovacs, but use their speakers to hurl racial slurs and abusive comments at anyone nearby. All of the affected robots were of the same make and model, the Chinese-made Ecovacs Deebot X2s. This particular robovac has developed a reputation for being easy to hack, thanks to a critical security flaw. ABC News, for instance, was able to get full control over one of the robots, including the camera.

US lawmakers seek answers on alleged Salt Typhoon breach of telecom giants

Lawmakers are demanding answers about earlier news reports that China’s Salt Typhoon cyberspies breached US telecommunications companies Verizon, AT&T, and Lumen Technologies, and hacked their wiretapping systems. They also urge federal regulators to hold these companies accountable for their infosec practices – or lack thereof. “I write to insist that your agencies finally act to secure US telephone and broadband companies’ wiretapping systems from hackers,” Senator Ron Wyden (D-OR) wrote in a Friday letter [PDF] to US Attorney General Merrick Garland and Federal Communications Commission Chair Jessica Rosenworcel.

Chinese researchers break RSA encryption with a quantum computer

In a potentially alarming development for global cybersecurity, Chinese researchers have unveiled a method using D-Wave’s quantum annealing systems to crack classic encryption, potentially accelerating the timeline for when quantum computers could pose a real threat to widely used cryptographic systems. Published in the Chinese Journal of Computers under the title “Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage,” the paper outlined how D-Wave’s machines were used to break RSA encryption and attack symmetric encryption systems, raising serious questions about the future of cybersecurity.

Pokemon dev Game Freak confirms breach after stolen data leaks online

Japanese video game developer Game Freak has confirmed it suffered a cyberattack in August after source code and game designs for unpublished games were leaked online. Game Freak is best known for being the co-owner and the primary developing studio of the Pokémon series video game, which started in 1996 with the Pokémon Red and Blue for Nintendo Game Boy. The gaming studio has since released multiple titles in the Pokémon series for various Nintendo platforms like the 3DS, Switch, and iOS and Android (Pokémon Quest).

TrickMo malware steals Android PINs using fake lock screen

Forty new variants of the TrickMo Android banking trojan have been identified in the wild, linked to 16 droppers and 22 distinct command and control (C2) infrastructures, with new features designed to steal Android PINs. This is being reported by Zimperium, following an earlier report by Cleafy that looked into some, but not all variants currently in circulation. TrickMo was first documented by IBM X-Force in 2020, but it is thought to have been used in attacks against Android users since at least September 2019.