Apple Home software bug could lock you out of your iPhone
2022-01-04 19:23

The bug affects the Home app, Apple's home automation software that lets you control home devices - webcams, doorbells, thermostats, light bulbs, and so on - that support Apple's HomeKit ecosystem. Wiping your data is quick and reliable because Apple mobile devices always encrypt your data, even if you don't set a lock code of your own, using a randomly chosen passphrase kept in secure storage.

Hackers use video player to steal credit cards from over 100 sites
2022-01-04 17:52

Hackers used a cloud video hosting service to perform a supply chain attack on over one hundred real estate sites that injected malicious scripts to steal information inputted in website forms. In a new supply chain attack discovered by Palo Alto Networks Unit42, threat actors abused a cloud video hosting feature to inject skimmer code into a video player.

SlimPay fined €180k after 12 million customers' bank data publicly accessible for 5 years
2022-01-04 17:33

Using real data is a good way to ensure that development code is working as expected before live deployment, but when you are dealing with sensitive information such as bank account details, great care must be taken not to fall foul of data protection regulations. In a later data breach notification, the firm disclosed more details on the security incident, including the number of people and the type of personal data affected by the data breach.

Purple Fox Rootkit Dropped by Malicious Telegram Installers
2022-01-04 17:12

A malicious Telegram instant-messaging app installer scurries past a slew of antivirus engines to deliver Purple Fox malware, evading detection by separating the attack into bite-sized morsels that fly under the radar. "We have often observed threat actors using legitimate software for dropping malicious files," analysts wrote.

UScellular discloses data breach after billing system hack
2022-01-04 17:07

UScellular, self-described as the fourth-largest wireless carrier in the US, has disclosed a data breach after the company's billing system was hacked in December 2021. "On December 13, 2021, UScellular detected a data security incident in which unauthorized individuals illegally accessed our billing system and gained access to wireless customer accounts that contain personal information," the carrier explained.

McMenamins Data Breach Affects 12 Years of Employee Info
2022-01-04 16:43

A ransomware attack on the McMenamins dining and hospitality empire in the Pacific Northwest came along with a data breach covering 12 years of employee data, the organization has confirmed. The Dec. 12 incident - which some have attributed to the Conti gang - forced McMenamins to shut down various operations, though locations can still receive customers.

Have I Been Pwned warns of DatPiff data breach impacting millions
2022-01-04 16:22

The cracked passwords for almost 7.5 million DatPiff members are being sold online, and users can check if they are part of the data breach through the Have I Been Pwned notification service. It is unclear when the data breach occurred, but the DatPiff database was first sold privately and then publicly on hacking forums in July 2020.

Online privacy: DuckDuckGo just finished a banner year and looks for an even better 2022
2022-01-04 14:28

Commentary: The privacy-oriented search engine keeps winning fans. The privacy-oriented search engine netted more than 35 billion search queries in 2021, a 46.4% jump over 2020.

John Edwards takes the reins at the UK's data protection watchdog
2022-01-04 13:58

The Information Commissioner's Office has confirmed that former New Zealand privacy commissioner John Edwards has started his new role as the UK's Information Commissioner. While legal experts have warned of the dangers of the UK straying too far from the EU's General Data Protection Directive - or risking the adequacy decision which currently allows data sharing between the UK and the EU to support business as usual - his message is don't stop believing.

Portugal Media Giant Impresa Crippled by Ransomware Attack
2022-01-04 13:16

Media giant Impresa, which owns the largest television station and newspaper in Portugal, was crippled by a ransomware attack just hours into 2022. The suspected ransomware gang behind the attack goes by the name Lapsus$.