
Hackers Breached Samsung, Stole Galaxy Source Code

Read also: Rompetrol hit by Hive ransomware, Mozilla fixes Firefox zero-days, and more.

Thursday, March 10, 2022


Hackers breached Samsung, stole 190GB of data, including Galaxy source code

A hacker group compromised the computer network of Samsung Electronics, the South Korean company that is one of the world's largest producers of electronic devices, and stole a large trove of confidential information, including source code related to Galaxy mobile devices.

The culprit behind the breach appears to be Lapsus$, the same data extortion collective that less than a week ago leaked confidential data belonging to the American chipmaker Nvidia.

Last week, Lapsus$ leaked around 190GB of data allegedly stolen from Samsung, including source code for every Trusted Applet installed in Samsung’s TrustZone environment used for sensitive operations, algorithms for biometric unlock operations, bootloader source code for recent Samsung devices, confidential source code from Qualcomm, and full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services.

Samsung confirmed the security breach on Monday and said that the intruders stole “some source code relating to operation of Galaxy devices.” The company said that personal information of customers and employees was not affected.

Romanian gas giant hit by Hive ransomware

Rompetrol, the operator of Petromidia Navodari, the largest oil refinery in Romania, has suffered a “complex cyberattack,” which forced the company to shut down some of its services, including websites, mobile apps, and the Fill&Go service at gas stations. The company said the incident did not impact operations at gas stations.

Rompetrol didn’t share any details on the nature of the cyberattack, or the perpetrators behind it. According to BleepingComputer, the company was hit by the Hive ransomware gang, with the ransomware operators demanding a $2 million ransom from Rompetrol.

Mozilla fixes two Firefox zero-days, Microsoft releases March 2022 security updates

Mozilla rolled out security updates to fix two zero-day vulnerabilities in its Firefox web browser that are already being exploited by hackers. Tracked as CVE-2022-26485 and CVE-2022-26486, the two flaws are use-after-free issues that can lead to remote code execution.

Microsoft released its March 2022 security updates to address a total of 71 vulnerabilities across multiple software products, including Windows OS (41 bugs), Microsoft Defender (4), Exchange, Office (5), Visual Studio, Express Logic, Azure Site Recovery (11), and the Chromium-based Microsoft Edge browser (19).

Other vendors that released security updates this month include Google, Cisco, Adobe, Intel, Juniper Networks, SAP, Schneider Electric, Siemens, and HP.

Russian government websites hacked in anti-war protest

Hackers have compromised websites of a number of Russian government agencies in a protest over Russia’s large-scale invasion of Ukraine. The affected agencies include Russia's Federal Penitentiary Service, Culture Ministry, Ministry of Energy, the State Statistics Agency, and other state agencies.

It appears that the attackers hacked the stats widget that multiple government agencies use to track the number of visitors, and posted an anti-war image on the compromised websites.

In response to Russia’s military actions in Ukraine, multiple countries across the world imposed unprecedented economic and technological sanctions against Russia, including the exclusion of select Russian banks from the SWIFT payments system, and measures meant to largely cut off Russia from the global high-end technology sector.

Since the beginning of the war, more than 300 major US and European companies across multiple industries (automotive, energy, food and beverage, finance and investing, etc.) have cut ties with Russia or limited business operations in the country either in compliance with imposed sanctions, or in support of Ukraine. The extensive list (which is growing by the hour) includes Apple, Google, Microsoft, IBM, Meta, Nokia, Visa, Mastercard, Nvidia, Oracle, Reddit, Samsung, Red Hat, Cisco, Sony Group, Ubisoft, Take-Two, CD Projekt Red, Electronic Arts, Activision Blizzard, and Epic, just to name a few.

Access:7 vulnerabilities expose medical and IoT devices to cyberattacks

Cybersecurity researchers have warned of a new set of vulnerabilities, collectively referred to as ‘Access:7’, impacting PTC Axeda, a cloud-based remote access solution commonly used for devices within the healthcare industry.

Three of the seven flaws (CVE-2022-25251, CVE-2022-25246, CVE-2022-25247) were rated critical (CVSSv3.1 score 9.4-9.8) because they allow a remote attacker to execute malicious code and commandeer the device. The remaining vulnerabilities are less dangerous and could be used to gain access to sensitive information or launch DoS attacks.

The researchers estimate that the Access:7 vulnerabilities potentially affect more than 150 devices from over 100 different manufacturers.


Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law.