Cybersecurity

Concerned about the news coming out of America? So am I!

So concerned in fact that I will be dropping American technology companies from my tech stack ASAP. Why? Well, read the news! But if you're still unsure, check out my blog post where I can explain.

https://paulbrzeski.medium.com/goodbye-for-now-america-67565480d2bc

#technology #cybersecurity #compliance #software #hosting #bestpractices #law #humanrights #workersrights #privacy #gdpr #auspol #australia #business

Malicious packages are infecting Python repositories and target developers and engineers looking to integrate DeepSeek into their work.

#malicious #package #Python #cybersecurity #DeepSeek #AI

https://cnews.link/malicious-python-packages-deepseek-1/

GrubHub reports a data breach exposing user data, payment details, and hashed passwords via a third-party provider.

#cybersecurity #GrubHub #Food #password #DataSecurity #dataprivacy

https://cnews.link/grubhub-breach-exposes-merchant-driver-data-3/

Threat actor claims to have breached Trump Hotels⤵️
#databreach #Trump #cybersecurity

https://cnews.link/trump-hotels-data-leak-claim/

Meet the hired guns who help make sure the details of school cyberattacks stay hidden from the victims, whose leaked personal information leaves them vulnerable to identity theft and other forms of online exploitation.

https://flip.it/WvMJrQ

#Cybersecurity #Cyberattack #Privacy

Apple has already updated its on-device malware tool XProtect to block several variants of North Korea-attributed malware.

#Apple #NorthKorea #cybersecurity #malware #cybercrime

https://cnews.link/researchers-north-korea-malware-macos-1/

"The supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records. The leak, which contains LinkedIn, Twitter, Weibo, Tencent, and other platforms’ user data, is almost certainly the largest ever discovered.

There are data leaks, and then there’s this. A supermassive Mother of all Breaches (MOAB for short) includes records from thousands of meticulously compiled and reindexed leaks, breaches, and privately sold databases. The full and searchable list is included at the end of this article.

Bob Dyachenko, cybersecurity researcher and owner at SecurityDiscovery.com, together with the Cybernews team, has discovered billions upon billions of exposed records on an open instance.

Even though at first the owner of the database was unknown, Leak-Lookup, a data breach search engine, said it was the holder of the leaked dataset. The platform posted a message on X, saying the problem behind the leak was a “firewall misconfiguration,” which was fixed."

https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/

#CyberSecurity #DataBreaches #Privacy #DataProtection

I know what you did last summer... kind of. But every day rather 📍

https://timsh.org/tracking-myself-down-through-in-app-ads/

#infosec #cybersecurity #privacy #ads #security

"WhatsApp on Friday accused the commercial surveillance company Paragon of targeting about 90 of its users with spyware.

The Meta-owned messaging platform said it believes the targets include journalists and members of civil society. The company said it had disrupted the attack vector, which involved a malicious PDF file that was sent to intended victims.

WhatsApp determined Paragon, which was founded by former Israeli intelligence officers, was responsible for the attempted intrusions, and the company said it had contacted those targeted to make them aware of the incident. It also said it has sent Paragon a cease-and-desist letter.

“This is the latest example of why spyware companies must be held accountable for their unlawful actions,” a WhatsApp spokesperson said in a statement.

The company has aggressively pursued spyware companies targeting its users, and in December a California federal judge ruled that NSO Group, the manufacturer of the spyware Pegasus, was liable for having infected mobile devices of about 1,400 WhatsApp users in 2019."

https://therecord.media/whatsapp-paragon-spyware-targeting-users

#CyberSecurity #Spyware #Paragon #Surveillance #WhatsApp #Israel

The FDA warns that Contec and Epsimed monitors send data to a hardcoded IP and have backdoors for remote code execution.

#US #healthcare #IP #cybersecurity #cybercrime

https://cnews.link/contec-vital-signs-monitors-contain-backdoors-1/

Community Health Center (CHC) reports a data breach that may have affected 1,061,000 individuals. Health records and other private information may have been stolen.

#databreach #cybersecurity #cybercrime #dataprivacy #datasecurity

https://cnews.link/skilled-criminal-hacker-exposes-community-health-center-1/

The New York Blood Center (NYBCe) Enterprises said its operating divisions have been impacted by a ransomware attack that took place on Sunday.

#NewYork #ransomware #CyberAttack #cybersecurity #cybercrime

https://cnews.link/new-york-blood-center-hit-by-ransomware-attack-blood-shortage-1/

"In this article, I'll share some of the key lessons we've learned about navigating the complex world of digital security. I'll look at how to identify the right tools, services, resources, and organisations to protect your community, network, or organisation from cyber threats - and why this work is more important than ever. Consider this: almost everything we do online relies on the infrastructure and services of the 'big five' technology companies - Google, Apple, Facebook, Amazon, and Microsoft (GAFAM) + rapidly catching up with Chinese counterparts: TikTok, DeepSeek. At the same time, the regulations and policies that govern these digital spaces and their gatekeepers can be overturned overnight by shifting political agendas with the stroke of a pen, while the sophistication of surveillance and hacking tools is no match for what civil society has at its disposal. It's a precarious environment and difficult times, and understanding how to protect against these risks is more important than ever."

https://tacticaltech.org/news/insights/persistent-problems-of-digital-resilience/

#CyberSecurity #DigitalRights #Surveillance #Privacy

North Korea’s Lazarus Group is now embedding malware in trusted software, taking control of developer tools to steal data in the background.

#crypto #NorthKorea #Malware #CyberSecurity #datasecurity #DataPrivacy

https://cnews.link/north-korea-lazarus-hacking-1/

▪ @cybernews@infosec.exchange research ▪ Valley News Live exposed millions of resumes with personal data, ranging from home addresses to educational backgrounds.

#CyberSecurity #DataPrivacy #datasecurity #research #US

https://cnews.link/valley-news-live-data-leak-3/

▪ @cybernews@infosec.exchange research ▪ Our team took a deep dive into what our Ransomlooker tool said about key ransomware trends in 2024.

#ransomware #CyberSecurity #CyberCrime #Hacking

https://cnews.link/ransomware-overview-2024-lockbits-downfall-ransomhub-rising-3/

New York-based cybersecurity firm Wiz says it has found a trove of sensitive data from the startup DeepSeek inadvertently exposed to the open internet.

#cybersecurity #NewYork #China #DeepSeek #AI #internet

https://cnews.link/sensitive-deepseek-data-exposed-to-web-1/

"As most people who have played with a large language model know, foundation models frequently “hallucinate,” asserting patterns that do not exist or producing nonsense. This means that they may recommend the wrong targets. Worse still, because we can’t reliably predict or explain their behavior, the military officers supervising these systems may be unable to distinguish correct recommendations from erroneous ones.
Foundation models are also often trained and informed by troves of personal data, which can include our faces, our names, even our behavioral patterns. Adversaries could trick these A.I. interfaces into giving up the sensitive data they are trained on.

Building on top of widely available foundation models, like Meta’s Llama or OpenAI’s GPT-4, also introduces cybersecurity vulnerabilities, creating vectors through which hostile nation-states and rogue actors can hack into and harm the systems our national security apparatus relies on. Adversaries could “poison” the data on which A.I. systems are trained, much like a poison pill that, when activated, allows the adversary to manipulate the A.I. system, making it behave in dangerous ways. You can’t fully remove the threat of these vulnerabilities without fundamentally changing how large language models are developed, especially in the context of military use.

Rather than grapple with these potential threats, the White House is encouraging full speed ahead."

https://www.nytimes.com/2025/01/27/opinion/ai-trump-military-national-security.html

#AI #GenerativeAI #AIWarfare #CyberSecurity

Lightning AI fixed a critical vulnerability allowing remote code execution with root privileges.

#AI #vulnerability #cybersecurity #cyberattack

https://cnews.link/critical-vulnerability-ai-development-platform-lightning-ai-1/

▪ @cybernews@infosec.exchange research ▪ Struct Chat, a $29.95 per month AI-powered Slack tool, exposes its users’ private data and communications.

#DataSecurity #CyberSecurity #slack #DataPrivacy #infosec

https://cnews.link/unprotected-ai-service-streams-private-slack-messages-3/

Fashion giant H&M reportedly exposed millions of UAE customers, with leaked details revealing personal and sensitive information.

#fashion #UAE #DataPrivacy #dataleak #DataSecurity #cybersecurity

https://cnews.link/hm-online-shoppers-details-stolen-hackers-claim-3/

ENGlobal disclosed that November's breach exposed sensitive personal data.

#USA #energy #ENGlobal #databreach #DataSecurity #cybersecurity

https://cnews.link/englobal-energy-corp-breach-attackers-accessed-personal-data-1/

CNN Indonesia, the nationwide broadcast and online news network, is claimed by the notorious INC Ransom group on Tuesday.

#CNN #Indonesia #cybersecurity #cybercrime #Ransomware

https://cnews.link/cnn-indonesia-ransomware-attack-inc-ransom-group-1/

▪ @cybernews@infosec.exchange research ▪ A subcontractor's error exposed a database, revealing hundreds of thousands of Daytrip's customer records and travel orders.

#Cybersecurity #dataprivacy #datasecurity #infosec #dataprivacyday

https://cnews.link/daytrip-data-leak-reveals-travel-data-vip-members-3/

🔄 98 ENTRY CHANGES 🔄

💻 macOS Sequoia 15.2 - 25 added, 1 updated
https://support.apple.com/en-us/121839
📱 iOS and iPadOS 18.2 - 14 added, 3 updated
https://support.apple.com/en-us/121837
💻 macOS Sonoma 14.7.2 - 14 added
https://support.apple.com/en-us/121840
⌚ watchOS 11.2 - 10 added, 1 updated
https://support.apple.com/en-us/121843
💻 macOS Ventura 13.7.2 - 10 added
https://support.apple.com/en-us/121842
📺 tvOS 18.2 - 7 added, 1 updated
https://support.apple.com/en-us/121844
🥽 visionOS 2.2 - 6 added, 1 updated
https://support.apple.com/en-us/121845
📱 iPadOS 17.7.3 - 2 added
https://support.apple.com/en-us/121838
🌐 Safari 18.2 - 1 added, 1 updated
https://support.apple.com/en-us/121846
💻 macOS Sequoia 15 - 1 updated
https://support.apple.com/en-us/121238

#apple #cybersecurity #infosec #security #ios