Security
Surveillance pros slam snoop tactics behind Southampton FC’s £200m losses
Southampton Football Club have been booted out of the Championship playoffs after damning evidence forced them into admitting spying on their semi-final league opponents Middlesbrough in a drama dubbed “Spygate” by the British press.
AI platform Dify, with 10 million installs, exposes users to one-click account takeover
Dify, a popular low-code AI application development platform with over 142,000 stars on GitHub, was found to contain critical vulnerabilities that allowed a one-click account takeover. Imperva researchers warn that AI tools are racing to add features without ensuring security.
Millions hit in “scareware” attack that blasts out warning noises and frightens users into calling fake helpdesks
Security researchers have uncovered a new social engineering scam that uses deceptive pop-ups and fake warnings to trick users into believing their device has been compromised, prompting them to use fraudulent IT helpdesks.
Morgan Stanley issues China-only iPhones and iPads to Hong Kong bankers
Morgan Stanley has asked its Hong Kong-based bankers to carry new mobile devices issued exclusively for business travel to mainland China, as international firms with a cross-border workforce tighten data security.
Major arcade game maker leaks millions of records via WeChat mini app
Wahlap, one of the world’s top arcade makers, leaked nearly 19 million user records, ranging from full names to unique IDs. Our researchers believe the Wahlap data leak also includes data related to the WeChat ecosystem.
GitHub confirms breach after hackers put stolen source code up for sale
GitHub, the world’s largest code hosting platform used by over 100 million developers, has confirmed a data breach, and the attackers are selling the stolen data online.
Steam’s lazy vetting allowed free game to drain users’ data, researcher claims
Valve approved a free-to-play game on Steam that ended up stealing passwords and browser data and emptied accounts. The malware slipped through the security cracks because Steam only checked games when they were first submitted and not their updates.
Massive supply chain attacks prompt NPM to force platform-wide token reset
Following massive supply chain attacks, NPM has forced a platform-wide token reset – all tokens bypassing 2FA must be updated. However, it doesn’t solve the underlying problem.
CISA left 844 MB of plaintext passwords and AWS tokens on public GitHub for six months
Security researchers at GitGuardian have discovered login credentials for the US Cybersecurity and Infrastructure Security Agency (CISA).
Europe has just approved mandatory screenings on foreign investments to protect critical sectors
The European Parliament has approved a new set of rules that will tighten the screening of foreign investments in critical sectors to prevent security risks.
Social media algorithms are “weapons to manipulate public opinion:” Dutch regulators call for safeguards
The Dutch Media Authority (CvdM) is calling on the government to implement measures against “anti-democratic algorithms.”
Smart glasses pose “widespread surveillance” threat, French DPA warns
The CNIL, France’s data protection authority (DPA), has raised concerns about the growing privacy risks linked to smart glasses and other AI-powered wearable devices. With smart glasses, unlike smartphones, people are unable to tell when they’re being filmed, thus turning everyday interactions into criminal recordings without consent.
Iran-linked hackers target “low-hanging fruit” at US gas stations
A possible hack of gas station fuel tank systems in several US states has raised concerns about industrial devices that experts say have been exposed online for years, despite repeated federal warnings.
Attackers turn ancient Windows utility MSHTA into Swiss Army knife of hacking
An ancient Windows utility is giving hackers an almost embarrassingly easy ride once they’re inside a system. It’s called MSHTA, and it is increasingly abused to deliver data-siphoning malware, Bitdefender warns.
"The data is fake:" Deutsche Telekom denies breach after alleged customer data hits cybercrime forum
Hackers are claiming to have a dataset linked to Deutsche Telekom for sale, raising fears of large-scale identity fraud. The company says the data is fake.
Millions of users caught in “anonymous” video chat leak
Hundreds of thousands of users thought their random video chats vanished the moment they clicked “next.” However, a Cybernews data leak investigation has found that extensive personal data was exposed to anyone on the internet.
Supply chain hit once again: single NPM account pushes 600+ compromised packages, used by millions
Another massive supply chain attack is spreading. Hundreds of compromised NPM packages are being detected, with hackers using stolen secrets to create over 2,200 public GitHub repositories, all because TeamPCP hijacked a single maintainer’s account.
Hundreds arrested in first large cybercrime operation in MENA region
201 individuals were arrested in Operation Ramz, the first-of-its-kind cybercrime operation in the MENA region, encompassing countries in the Middle East and North Africa.
Dutch minister questions whether hackers deleted stolen patient data as ChipSoft claims
According to Mirjam Sterk, Minister of Long-Term Care, Youth, and Sport, there’s no certainty that the criminals have destroyed the data they stole from ChipSoft.
7-Eleven confirms April cyberattack after ShinyHunters leak claims
7-Eleven confirms its internal systems were breached in April, exposing the information of an unknown number of individuals just weeks after the ShinyHunters ransomware group listed the global convenience store chain as part of its recent “pay-or-leak” campaign.