Send My: Arbitrary data transmission via Apple's Find My network | Positive Security
Apple AirTags: Arbitrary data can be uploaded from non-internet-connected devices by sending Find My BLE broadcasts to nearby Apple devices. We're releasing an ESP32 firmware that turns the microcontroller into an (upload only) modem, and a macOS application to retrieve, decode and display the uploaded data.
Atlassian warns of critical Confluence flaw leading to data loss
Australian software company Atlassian warned admins to immediately patch Internet-exposed Confluence instances against a critical security flaw that could lead to data loss following successful exploitation.
Troy Hunt: Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and "Operation Cookie Monster"
A quick summary first before the details: This week, the FBI in cooperation with international law enforcement partners took down a notorious marketplace trading in stolen identity data in an effort they've named "Operation Cookie Monster". They've provided millions of impacted email addresses and passwords to Have I Been Pwned
Acer Breached, Hacker Selling Access to 160GB of Stolen Data
The hacker claims the stolen data includes confidential presentations from Acer, along with software files for the company's PC products. Acer says consumer data was not breached.
We Found 28,000 Apps Sending Data to TikTok. A Ban Won't Help.
TikTok’s software development kits could undermine Joe Biden's order to stop internet traffic flowing from federal employees' phones to TikTok within 30 days.
Department for Education warned after gambling companies benefit from learning records database
The Information Commissioner’s Office (ICO) has issued a reprimand to the Department for Education (DfE) following the prolonged misuse of the personal information of up to 28 million children. An ICO investigation found that the DfE’s poor due diligence meant a database of pupils’ learning records was ultimately used by Trust Systems Software UK Ltd (trading as Trustopia), an employment screening firm, to check whether people opening online gambling accounts were 18.
“Dormant Colors”: Live Campaign With Over 1M Data Stealing Extensions Installed
The “Dormant Colors” is yet another vast campaign of malicious extensions with millions of active installations worldwide, this time with a color-related theme and full of deception all through the chain. It starts with the trickery malvertising campaign, continues with a crafty novel way to side-load the real malicious code without anyone noticing (until now!), and finally with stealing not only your searches and browsing data, but also affiliation to 10,000 targeted sites — a capability that is easily leveraged for targeted spear phishing, account takeover and credential extraction — all using this powerful network of millions of infected computers worldwide!
Inside Fog Data Science, the Secretive Company Selling Mass Surveillance to Local Police
A data broker has been selling raw location data about individual people to federal, state, and local law enforcement agencies, EFF has learned. This personal data isn’t gathered from cell phone towers or tech giants like Google — it’s obtained by the broker via thousands of different apps on Android and iOS app stores as part of the larger location data marketplace.
A Cyberattack Illuminates the Shaky State of Student Privacy
At a moment when education technology firms are stockpiling sensitive information on millions of school children, safeguards for student data have broken down.
Google Online Security Blog: Vulnerability Reward Program: 2021 Year in Review
Last year was another record setter for our Vulnerability Reward Programs (VRPs). Throughout 2021, we partnered with the security researcher community to identify and fix thousands of vulnerabilities – helping keep our users and the internet safe.