@zackwhittaker@mastodon.social

zackwhittaker


Security editor, TechCrunch
zack.whittaker@techcrunch.com
Signal: +1 646.755.8849
New York, NY


zackwhittaker, to random

New: Amazon is selling Android TV boxes laced with malware, security researchers confirm.

When reached, an Amazon spokesperson declined to comment. The malware-infected models are still for sale.

More: https://techcrunch.com/2023/05/18/popular-android-tv-boxes-sold-on-amazon-are-laced-with-malware/

zackwhittaker, to random

New: U.K. outsourcing giant Capita is facing heat after leaving gigabytes of customer data exposed to the internet for years.

Colchester City Council told TechCrunch that its data was exposed by Capita's error.

Capita told us that the exposed data was limited to "release notes and user guides," and did not indicate any of the data was sensitive.

It's Capita's second security incident in a month, weeks after it was hit by a ransomware attack.

More by @carlypage: https://techcrunch.com/2023/05/15/capita-breach-fallout-widens-as-customers-learn-of-data-theft/

zackwhittaker, to random

A busy this week in security just went out, featuring:

• DOJ takes down Russian malware, booters
• MSI code-signing keys leaked, no easy way to revoke
• Capita slated as Britain's "largest hack"
• Twitter's badly-encrypted DMs roll out
• Department of Transportation tells lawmakers it was hacked
• EU says spyware should be banned
• Toyota Japan vehicle locations exposed for a decade
• A very cute cyber cat, and more

Sign up: https://this.weekinsecurity.com

Read online: https://mailchi.mp/zackwhittaker/this-week-in-security-may-14-2023-edition

zackwhittaker, to random

Hope everyone is having a peaceful weekend. Here's Toby, aka smush face.

zackwhittaker, to random

New: Hackers stole 3 million SchoolDude user accounts in an April data breach.

Brightly, which makes the software, reset user passwords amid fears they weren't stored securely. When reached for comment, the company declined to say if the stolen passwords were encrypted.

More: https://techcrunch.com/2023/05/12/brightly-schooldude-data-breach/

zackwhittaker, to random

New: Toyota has apologized after it exposed the vehicle locations and car video footage of at least 2 million vehicles in Japan for close to a decade due to a server misconfiguration.

https://techcrunch.com/2023/05/12/toyota-japan-exposed-millions-locations-videos/

SwiftOnSecurity, to random

If the central Mastodon server ever goes down follow me on Bluesky too I'm @swiftonsecurity.com

zackwhittaker,

@mattblaze @hacks4pancakes @SwiftOnSecurity me as well! thanks for the reminder. (i hope i don't screw it up.)

zackwhittaker, to random

These kids are awesome. High school students wore t-shirts that say "I read banned books" and shouted “trans rights are human rights” in protest at Iowa laws during the governor's scholar ceremony.

The full video is well worth it: https://www.desmoinesregister.com/videos/news/2023/05/01/ihsaascholarshipceremony/11778011002/

zackwhittaker, to random

T-Mobile, the second largest U.S. cell carrier, has disclosed nine data breaches since 2009, according to New Hampshire's DOJ. (Three listed here are duplicates.)

The breaches range from T-Mobile employees abusing their internal access to obtain customer data, through to huge thefts of personal information of tens of millions of customers.

T-Mobile disclosed its most recent breach last week. Hackers stole hundreds of customer account PINs (for SIM swaps).

NH DOJ: https://www.doj.nh.gov/consumer/security-breaches/t.htm

zackwhittaker, to random

New, by me: Apple has released its first batch of "rapid" security fixes for iPhones, iPads and Macs, which are designed to quickly fix security threats.

But the rollout isn't going so smoothly... Still, update when you can!

More: https://techcrunch.com/2023/05/01/apple-rapid-security-fixes/

    zackwhittaker, to random

    CommScope employees say they haven’t heard from executives in over a week about how the company is responding to a ransomware attack.

    The March 27 ransomware attack caused several days of disruption, employees said.

    New by @carlypage and me: https://techcrunch.com/2023/04/27/commscope-ransomware-data/

    zackwhittaker, to random

    Incredible reporting by @lorenzofb:

    Hackers said they had access to AT&T's internal network, which allowed them to break into customers' email accounts and steal their cryptocurrency.

    Two victims confirmed they were hacked. One of them had $134,000 stolen from his Coinbase account.

    AT&T said it's reset some customers' passwords as a "precaution," and "updated our security controls to prevent this activity."

    More: https://techcrunch.com/2023/04/26/hackers-are-breaking-into-att-email-accounts-to-steal-cryptocurrency/

    zackwhittaker, to random

    Important as it is to not let AI launch nuclear weapons, it's precisely this kind of thumb-twiddling bullshit lawmakers spend their time on that illustrates why Americans don't have healthcare.

    zackwhittaker, to random

    New by @carlypage: PaperCut, a print management software used by tens of thousands of organizations around the world, says hackers are exploiting 'critical' security flaws in unpatched servers.

    Security firm Huntress says the hackers exploited the flaws to deploy Truebot — the same initial malware that was used by the Clop ransomware group to mass-hack dozens of Fortra customers running its GoAnywhere software.

    More:
    https://techcrunch.com/2023/04/25/papercut-hackers-critical-flaw-clop-ransomware/

    zackwhittaker, to random

    New: @lorenzofb spoke with one of the hackers behind the Western Digital hack.

    As proof, the hacker provided a file signed with Western Digital's code-signing certificate (below), non-public phone numbers of company executives, and a screenshot of a video call featuring the company's CISO.

    More here: https://techcrunch.com/2023/04/13/hackers-claim-vast-access-to-western-digital-systems/

    zackwhittaker,

    In a statement today, Western Digital confirmed hackers stole "customer names, billing and shipping addresses, email addresses and telephone numbers" after a March 26 data breach.

    WD said regarding the stolen code-signing certificate that it is "equipped to revoke certificates as needed."

    Two security researchers told @lorenzofb that WD's code-signing certificate was valid at the time the hackers used it to sign a file as proof of still having access to WD's network.

    zackwhittaker,

    @gsuberland it's real. WD sent it as a press release. there's no reason (that I'm aware of) to send a data breach disclosure to customers by email as an image-only statement unless as a company they're just trying to be difficult and have absolutely zero regard for those who are visually impaired or use screen readers.
