Security News > 2022 > July

Just under a year ago, the US arm of telecomms giant T-Mobile admitted to a data breach after personal information about its customers was offered for sale on an underground forum. At the time, VICE Magazine claimed to have communicated with the hacker behind the breach via online chat, and to have been offered "T-Mobile USA. Full customer info."

An emerging and fast-growing threat group is using a unique business model to offer cybercriminals a broad range of services that span from leaked databases and distributed denial-of-service attacks to hacking scripts and, in the future, potentially ransomware. As a clearer picture of AIG emerged, it became obvious that the group's operations were anything but business as usual.

Hackers are targeting websites using the PrestaShop platform, leveraging a previously unknown vulnerability chain to perform code execution and potentially steal customers' payment information. The PrestaShop team issued an urgent warning last Friday, urging the admins of 300,000 shops using its software to review their security stance after cyberattacks were discovered targeting the platform.

Microsoft has addressed a known issue that was causing the start menu on some Windows 11 to malfunction after installing recent updates. This known issue affects only devices running Windows 11, version 21H2, and it was acknowledged on Friday after Redmond received customer reports of start menu issues affecting some systems.

Without refactoring, a shift from Python 2.7 to Python 3.0 often means the code for Python 2.7 just doesn't work that well anymore, or even at all. Running existing code on an outdated version of Python avoids quite a lot of challenges because you don't need to refactor: you're keeping your code just the way it was.

Microsoft is warning customers that Windows updates released since June 28 will trigger printing issues on devices connected using USB. "Microsoft has received reports of issues affecting some printing devices following installation of Windows updates released June 28 and later," Redmond explained. "Normal printer usage might be interrupted for either scenario, resulting in failure of printing operations," the company said in a notice on the Windows health dashboard.

In a statement, the US Department of Justice said: "Uber admitted to and accepted responsibility for the acts of its officers, directors, employees, and agents in concealing its 2016 data breach from the Federal Trade Commission, which at the time of the 2016 breach had a pending investigation into the company's data security practices." ESET researchers have uncovered a fresh sample of macOS malware that uses public cloud services to store payloads, exfiltrate data and execute command and control of infected machines.

What the hell are we supposed to do with this information? Is this an error in the suspicious activity detector? Is this the result of hacking attempts via compromised Microsoft systems? Is it Microsoft bungling some sort of management task? At the time of writing, nobody knows. That's quite a remarkable response to a threat that's difficult to enumerate.

Modern physical security infrastructure needs additional 24/7 automated protection and cyber management - beyond blocking hackers - to maintain 99% uptime and fulfill its physical security function. Atlanta tries to have each of its 25,000-odd cameras checked twice a week, but is hampered by having different maintenance agreements with various providers and camera vendors for different makes.

How bad can it be? Find out with this webinar Webinar If you realized software you'd developed contained a vulnerability that left you – and your customers - open to cyber-attack what should your...