Cybersecurity


An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

851
 
 

State-sponsored North Korean hackers threaten not only the US, Japan, and South Korea but also the broader international community.

#NorthKorea #hacker #US #crypto #CyberSecurity #Japan #SouthKorea

https://cnews.link/north-korean-crypto-hackers-international-warning-1/

852
 
 

CISA is urging Windows users to update their systems to address actively exploited vulnerabilities.

#CyberSecurity #windows #Microsoft #vulnerability #DataSecurity

https://cnews.link/microsoft-patches-three-exploited-windows-zero-days-1/

853
 
 

The Office of the Comptroller in Massachusetts has temporarily shut down its payroll system after employees were lured into revealing their credentials to threat actors.

#Massachusetts #cybersecurity #DataPrivacy #cybercrime #Hacking

https://cnews.link/massachusetts-credential-harvesting-attack-1/

854
 
 

"TL;DR — Email addresses in stealer logs can now be queried in HIBP to discover which websites they've had credentials exposed against. Individuals can see this by verifying their address using the notification service and organisations monitoring domains can pull a list back via a new API."

https://www.troyhunt.com/experimenting-with-stealer-logs-in-have-i-been-pwned/

#CyberSecurity #StealerLogs #Privacy #DataBreaches

855
 
 

Individuals attempting to jailbreak Microsoft’s AI services will face legal action.

#Microsoft #AI #jailbreak #legalaction #cybersecurity

https://cnews.link/microsoft-legal-action-artificial-intelligence-jailbreaks-3/

856
 
 

Exploiting this vulnerability, attackers could bypass Apple’s vital security feature, known as SIP.

#CyberSecurity #Apple #cyberattack #cybercrime #vulnerability #datasecurity

https://cnews.link/apple-macos-vulnerability-3/

857
 
 

The cyberattack has knocked Eindhoven University of Technology (TU/e) back to the pre-internet era, forcing the university to cancel classes for thousands of students.

#cybersecurity #DataPrivacy #Eindhoven #Netherlands #hack

https://cnews.link/eindhoven-university-technology-emergency-shutdown-1/

858
 
 

The brand said that a point-of-sale vendor had notified them of a breach relating to some of the suppliers' retail locations.

#cybersecurity #databreach #hack #datasecurity #passport

https://cnews.link/company-stiiizy-data-breach-3/

859
 
 

British citizens are being arrested for exercising free speech in the United Kingdom.

#uk #cybersecurity #hacker #FreeSpeech

https://cnews.link/orwellianism-uk-free-speech-1/

860
 
 

OMG. What a horrible world we live in

  1. The moment you visit a website or app with ad space, it asks a company that runs ad auctions to determine which ads it will display for you. This involves sending information about you and the content you’re viewing to the ad auction company.
  2. The ad auction company packages all the information they can gather about you into a “bid request” and broadcasts it to thousands of potential advertisers.
  3. The bid request may contain personal information like your unique advertising ID, location, IP address, device details, interests, and demographic information. The information in bid requests is called “bidstream data” and can easily be linked to real people.
  4. Advertisers use the personal information in each bid request, along with data profiles they’ve built about you over time, to decide whether to bid on ad space.
  5. Advertisers, and their ad buying platforms, can store the personal data in the bid request regardless of whether or not they bid on ad space.

https://www.eff.org/deeplinks/2025/01/online-behavioral-ads-fuel-surveillance-industry-heres-how

#CyberSecurity #Privacy

861
 
 

"On Saturday, Triplegangers CEO Oleksandr Tomchuk was alerted that his company’s e-commerce site was down. It looked to be some kind of distributed denial-of-service attack.

He soon discovered the culprit was a bot from OpenAI that was relentlessly attempting to scrape his entire, enormous site.

“We have over 65,000 products, each product has a page,” Tomchuk told TechCrunch. “Each page has at least three photos.”

OpenAI was sending “tens of thousands” of server requests trying to download all of it, hundreds of thousands of photos, along with their detailed descriptions.

“OpenAI used 600 IPs to scrape data, and we are still analyzing logs from last week, perhaps it’s way more,” he said of the IP addresses the bot used to attempt to consume his site.

“Their crawlers were crushing our site,” he said. “It was basically a DDoS attack.”

Triplegangers’ website is its business. The seven-employee company has spent over a decade assembling what it calls the largest database of “human digital doubles” on the web, meaning 3D image files scanned from actual human models.

It sells the 3D object files, as well as photos — everything from hands to hair, skin, and full bodies — to 3D artists, video game makers, anyone who needs to digitally recreate authentic human characteristics."

https://techcrunch.com/2025/01/10/how-openais-bot-crushed-this-seven-person-companys-web-site-like-a-ddos-attack/

#CyberSecurity #AI #GenerativeAI #OpenAI #WebScraping #DDoS #AITraining

862
 
 

GroupGreeting, a popular e-card site, was used to infect thousands of websites with malware this holiday season.

#holidays #cyberattacks #cybercrime #malware #CyberSecurity

https://cnews.link/group-greeting-e-card-malware-campaign-infects-thousands-1/

863
 
 

🚨 D-20 to the Software Heritage Symposium!

Join us Jan 29 at UNESCO headquarters in Paris to explore the intersection of #software, #AI, and society. Key themes: #cybersecurity, #AItransparency, #openscience, #culturalpreservation.

Let’s shape the future 👉 https://www.softwareheritage.org/2024/11/19/software-heritage-2025-symposium-summit/

864
 
 

The Space Bears ransomware gang stands out from the crowd by presenting itself better than many legitimate companies, with corporate stock images and a professional-looking leak site.

Here is what you need to know about the Space Bears gang: https://www.tripwire.com/state-of-security/space-bears-ransomware-what-you-need-know

#cybersecurity #ransomware

Do you trust your data to this company?

865
 
 

▪ @cybernews@infosec.exchange research ▪ Several million passports, voter IDs, and other documents have sat unguarded for at least several months.

#fintech #cybersecurity #DataPrivacy #DataSecurity #passport

https://cnews.link/miio-fintech-customer-passports-data-leak-3/

866
 
 

I received a lot of these emails. I ignored them. But I did notice they did come from PayPal. Be careful. Do not click any link in any email from PayPal that is asking for money.

https://cybernews.com/security/paypal-phishing-attack-money-request-uses-real-email-address-/?source=mastodon&medium=social&campaign=cybernews&content=post

#CyberSecurity #Phishing #PayPal

867
 
 

The ICAO, the UN aviation agency tasked with keeping our skies safe, just got hacked...again.

This time, a hacker is offering to sell the personal data of 42,000 job applicants.

Some say the hackers are linked to China. What do you think?

https://www.bitdefender.com/en-us/blog/hotforsecurity/united-nations-aviation-agency-hacked-recruitment-database-plundered

#cybersecurity #databreach

868
 
 

US-based Medusind, a medical billing company, suffered a data breach affecting hundreds of thousands.

#DataBreach #cybersecurity #cybercrime #DataSecurity #US

https://cnews.link/medusind-medical-billing-firm-data-breach-3/

869
 
 

PowerSchool, serving 60M+ students, paid hackers in December to delete stolen files, with video proof.

#cybersecurity #cybercrime #hacking #software #DataSecurity #DataPrivacy

https://cnews.link/powerschool-ransomware-attack-paid-to-erase-stolen-data-1/

870
 
 

Cybercriminals have deployed a new PayPal-involved email phishing attack – minus the phishing part – warns Fortinet’s head of security.

#cybersecurity #Paypal #phishing #cyberattacks

https://cnews.link/paypal-phishing-attack-money-request-uses-real-email-3/

871
 
 

"Some Motorola automated license plate reader surveillance cameras are live-streaming video and car data to the unsecured internet where anyone can watch and scrape them, a security researcher has found. In a proof-of-concept, a privacy advocate then developed a tool that automatically scans the exposed footage for license plates, and dumps that information into a spreadsheet, allowing someone to track the movements of others in real time.

Matt Brown of Brown Fine Security made a series of YouTube videos showing vulnerabilities in a Motorola Reaper HD ALPR that he bought on eBay. As we have reported previously, these ALPRs are deployed all over the United States by cities and police departments. Brown initially found that it is possible to view the video and data that these cameras are collecting if you join the private networks that they are operating on. But then he found that many of them are misconfigured to stream to the open internet rather than a private network.

“My initial videos were showing that if you’re on the same network, you can access the video stream without authentication,” Brown told 404 Media in a video chat. “But then I asked the question: What if somebody misconfigured this and instead of it being on a private network, some of these found their way onto the public internet?”"

https://www.404media.co/researcher-turns-insecure-license-plate-cameras-into-open-source-surveillance-tool/

#CyberSecurity #Privacy #Surveillance #USA #LicensePlateReaders #ALPRs #DataProtection

872
 
 

"Hackers claim to have compromised Gravy Analytics, the parent company of Venntel which has sold masses of smartphone location data to the U.S. government. The hackers said they have stolen a massive amount of data, including customer lists, information on the broader industry, and even location data harvested from smartphones which show peoples’ precise movements, and they are threatening to publish the data publicly.

The news is a crystalizing moment for the location data industry. For years, companies have harvested location information from smartphones, either through ordinary apps or the advertising ecosystem, and then built products based on that data or sold it to others. In many cases, those customers include the U.S. government, with arms of the military, DHS, the IRS, and FBI using it for various purposes. But collecting that data presents an attractive target to hackers.

“A location data broker like Gravy Analytics getting hacked is the nightmare scenario all privacy advocates have feared and warned about. The potential harms for individuals is haunting, and if all the bulk location data of Americans ends up being sold on underground markets, this will create countless deanonymization risks and tracking concerns for high risk individuals and organizations,” Zach Edwards, senior threat analyst at cybersecurity firm Silent Push, and who has followed the location data industry closely, told 404 Media. “This may be the first major breach of a bulk location data provider, but it won't be the last.”"

https://www.404media.co/hackers-claim-massive-breach-of-location-data-giant-threaten-to-leak-data/

#CyberSecurity #USA #Venntel #DataBreaches #LocationData #Surveillance #Privacy #DataProtection

873
 
 

▪ @cybernews@infosec.exchange research ▪ More than 13 million screenshots containing sensitive information are public.

#cybersecurity #DataSecurity #dataprivacy #infosec #informationsecurity

https://cnews.link/webwork-tracker-data-leak-3/

874
 
 

AI and cyber threats: what you should know. 🔍
Criminals are increasingly using artificial intelligence (AI) for targeted cyberattacks, but instead of new tactics, AI accelerates existing methods. A particular focus: areas where trust is exploited, such as social engineering and disinformation.

We highlight current trends and give forecasts on the future of AI threats: ➡️ https://www.bsi.bund.de/dok/1121150

#DeutschlandDigitalSicherBSI #CyberSecurity #KI #KünstlicheIntelligenz

AI for evaluating targets. Benefit for attackers: rapid analysis of large amounts of data. Risk for companies: increased precision in social engineering and disinformation.

Attacks on AI systems. Benefit for attackers: manipulation of internal AI (e.g. chatbots). Risk for companies: disclosure of sensitive information through “prompt jailbreaks” (a type of prompt injection in which prompts attempt to bypass the safety and moderation functions) and “poisoning attacks” (a type of cyberattack that exploits weaknesses in the widely used Address Resolution Protocol (ARP) to disrupt, redirect, or spy on network traffic).

Trojanized AI tools. Benefit for attackers: abuse through fake AI software. Risk for companies: data theft and identity theft through insecure AI tools.

875
 
 

🧪 NEW BETA RELEASES 🧪

📱 iOS 18.3 beta 2 (22D5040d)
📱 iPadOS 18.3 beta 2 (22D5040d)
💻 macOS 15.3 beta 2 (24D5040f)
📺 tvOS 18.3 beta 2 (22K5540e)
🥽 visionOS 2.3 beta 2 (22N5881d)
⌚ watchOS 11.3 beta 2 (22S5540e)

#apple #cybersecurity #infosec #security #ios
