Infosec.Pub


Airportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations. As you might expect, it’s used by wealthy or important people. So if the company’s website is insecure, you’d be able to spy on lots of wealthy or important people. And maybe even steal their luggage. Researchers at the firm CyberX9 found that simple bugs in Airportr’s website allowed them to access virtually all of those users’ personal information, including travel plans, or even gain administrator privileges that would have allowed a hacker to redirect or steal luggage in transit. Among even the small sample of user data that the researchers reviewed and shared with WIRED they found what appear to be the personal information and travel records of multiple government officials and diplomats from the UK, Switzerland, and the US...

submitted 16 hours ago by digicat to c/blueteamsec

What once took place in the dark corners of the internet is now a sprawling ecosystem of illicit activity operating in plain sight - and one Cambodia-based operation seems to have made a lot of it possible. (Source: Bloomberg)


Won't someone think of the King of Ink?!


Workers on joint US/UK/Australia nuclear submarine program are painting a target on themselves

The Director-General of Security at the Australian Security Intelligence Organization (ASIO) has lamented the fact that many people list their work in the intelligence community or on sensitive military projects in their LinkedIn profiles.…


Margaret Attridge / Courthouse News Service: A US jury finds Meta violated the California Invasion of Privacy Act when it intentionally recorded the health data of women via the period tracking app Flo — The jury got to decide how seriously Big Tech takes privacy, the attorney for a class of Flo users said in closing arguments.


OpenAI scrambles to remove personal ChatGPT conversations from Google results.


Pi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed through a security vulnerability in the GiveWP WordPress donation plugin. [...]


Our tests have shown there are ways to get around the promised security improvements

Microsoft Recall, the AI app that takes screenshots of what you do on your PC so you can search for it later, has a filter that's supposed to prevent it from screenshotting sensitive info like credit card numbers. But a The Register test shows that it still fails in many cases, creating a potential treasure trove for thieves.…


CISA releases Thorium, an open-source tool for malware and forensic analysis, now available to analysts in government, public, and private sectors. CISA has released Thorium, a new open-source platform designed to support malware and forensic analysis. The platform was designed in collaboration with Sandia National Laboratories; the US agency presented it as a scalable, open-source platform […]


The Guardian’s review of records found:

Out of nine “assault” and “impeding” felony cases the justice department filed immediately after the start of the protests and promoted by the attorney general, Pam Bondi, prosecutors dismissed seven of them soon after filing the charges.

In reports that led to the detention and prosecution of at least five demonstrators, Department of Homeland Security (DHS) agents made false statements about the sequence of events and misrepresented incidents captured on video.

One DHS agent accused a protester of shoving an officer, when footage appeared to show the opposite: the officer forcefully pushed the protester.

One indictment named the wrong defendant, a stunning error that has jeopardized one of the government’s most high-profile cases.
