Group items tagged

"Three software flaws in Facebook's systems allowed hackers to break into user accounts, including those of the top executives Mark Zuckerberg and Sheryl Sandberg, according to two people familiar with the investigation but not allowed to discuss it publicly. Once in, the attackers could have gained access to apps like Spotify, Instagram and hundreds of others that give users a way to log into their systems through Facebook."

"Cybersecurity experts have warned for years that malfeasance, technical breakdown or administrative incompetence could easily wreak havoc with electronic systems and could go largely or wholly undetected. This is a concern made much more urgent by Russia's cyber-attacks on political party servers and state voter registration databases in 2016 and by the risk of a repeat - or worse - in this November's midterms. "

"L&M used a credential stuffing attack: using email addresses gleaned from massive breaches to gain access by repeatedly trying different email/password combinations."

"By reverse engineering ProTrack and iTrack's Android apps, L&M said he realized that all customers are given a default password of 123456 when they sign up. At that point, the hacker said he brute-forced "millions of usernames" via the apps' API. Then, he said he wrote a script to attempt to login using those usernames and the default password. "

"A dump called "Collection #1" has been released by parties unknown, containing email addresses and cracked passwords: in its raw form, it contains 2.7 billion records, which Troy "Have I Been Pwned" Hunt (previously) de-duplicated to come up with 773 million unique records -- of those 140,000,000 email addresses and 10,000,000 passwords have never been seen in the HaveIBeenPwned database before."

"Quest Diagnostics, one of the biggest blood testing providers in the country, warned Monday that nearly 12 million of its customers may have had personal, financial and medical information breached due to an issue with one of its vendors."

"Clearview, the shady facial-recognition firm with links to law-enforcement and alt-right internet trolls, reports that its entire client list has been stolen."

"In a statement, the company said: "Colonial Pipeline is taking steps to understand and resolve this issue. At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already under way, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline."

"SINGAPORE: Personal information of about 129,000 Singtel customers was stolen after a recent data breach of a third-party file sharing system, the local telco said on Wednesday (Feb 17). Singtel has completed initial investigations into the breach and established which files on the Accellion file transfer appliance (FTA) were accessed illegally, the company said in a news release."

""In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on billions of Chinese citizen," the post said. "Databases contain information on 1 billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details.""

"The January snow lay thick on the Moscow ground, as masked officers of the FSB - Russia's fearsome security agency - prepared to smash down the doors at one of 25 addresses they would raid that day. Their target was REvil, a shadowy conclave of hackers that claimed to have stolen more than $100m (£74m) a year through "ransomware" attacks, before suddenly disappearing. As group members were led away in cuffs, FSB officers gathered crypto-wallets containing untold volumes of digital currency such as bitcoin. Others used money-counting machines to tot up dozens of stacks of hundred dollar bills."

"Cybersecurity researchers say the My2022 mobile app - the official app of the Beijing Winter Olympics - has serious security vulnerabilities and that "all Olympian audio is being collected, analyzed and saved on Chinese servers." Why This Matters: The Chinese government is mandating all Olympic athletes, coaches, and attendees use the My2022 app and, as of Thursday morning, the app is still available in the Apple and Android U.S. app stores where Americans can download it too."

"The university presidents' council said this morning that the security of its central admissions system has been upgraded after the personal data of around 23,000 students was advertised for sale on the dark web. The university presidents' council insisted that the leaked admissions data, which included personal information and examination results, was only current through last May after anger erupted over the data breach. #BanTCAS was surging on Thai Twitter this morning in reference to the Thai University Central Admission System, or TCAS."

"The personal details of millions of voters are believed to have been accessed in an attack by China on Britain's democratic process, ministers will say. MPs and peers are thought to be among 43 people who the government looks set to confirm have been targeted by cyber-attacks backed by the Chinese state. The UK could impose sanctions on individuals believed to be involved in these acts of state-backed interference, one of which was a separate attack on the Electoral Commission in which Beijing accessed the personal details of about 40 million voters."