Security News > 2022

The US Federal Trade Commission has warned today that it will go after any US company that fails to protect its customers' data against ongoing Log4J attacks. "The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future," the US government agency said.

"The Microsoft Pluton is a security processor, pioneered in Xbox and Azure Sphere, designed to store sensitive data, like encryption keys, securely within the Pluton hardware, which is integrated into the die of a device's CPU and is therefore more difficult for attackers to access, even if they have physical possession of a device," explained David Weston, Director of Enterprise and OS Security at Microsoft. In November 2020, Microsoft announced it would integrate its Pluton security processor into Intel, AMD, and Qualcomm CPUs as an on-die chip to reduce the available attack surface on Windows PCs. First introduced with the XBOX One and Azure Sphere, Pluton emulates a Trusted Platform Module to protect the boot process, encryption keys, and credentials directly on the CPU with the end goal of blocking threat actors from gaining access to such sensitive data.

The bug affects the Home app, Apple's home automation software that lets you control home devices - webcams, doorbells, thermostats, light bulbs, and so on - that support Apple's HomeKit ecosystem. Wiping your data is quick and reliable because Apple mobile devices always encrypt your data, even if you don't set a lock code of your own, using a randomly chosen passphrase kept in secure storage.

Hackers used a cloud video hosting service to perform a supply chain attack on over one hundred real estate sites that injected malicious scripts to steal information inputted in website forms. In a new supply chain attack discovered by Palo Alto Networks Unit42, threat actors abused a cloud video hosting feature to inject skimmer code into a video player.

Using real data is a good way to ensure that development code is working as expected before live deployment, but when you are dealing with sensitive information such as bank account details, great care must be taken not to fall foul of data protection regulations. In a later data breach notification, the firm disclosed more details on the security incident, including the number of people and the type of personal data affected by the data breach.

A malicious Telegram instant-messaging app installer scurries past a slew of antivirus engines to deliver Purple Fox malware, evading detection by separating the attack into bite-sized morsels that fly under the radar. "We have often observed threat actors using legitimate software for dropping malicious files," analysts wrote.

UScellular, self-described as the fourth-largest wireless carrier in the US, has disclosed a data breach after the company's billing system was hacked in December 2021. "On December 13, 2021, UScellular detected a data security incident in 'which unauthorized individuals illegally accessed our billing system and gained access to wireless customer accounts that contain personal information," the carrier explained.

A ransomware attack on the McMenamins dining and hospitality empire in the Pacific Northwest came along with a data breach covering 12 years of employee data, the organization has confirmed. The Dec. 12 incident - which some have attributed to the Conti gang - forced McMenamins to shut down various operations, though locations can still receive customers.

The cracked passwords for almost 7.5 million DatPiff members are being sold online, and users can check if they are part of the data breach through the Have I Been Pwned notification service. It is unclear when the data breach occurred, but the DatPiff database was first sold privately and then publicly on hacking forums in July 2020.

Commentary: The privacy-oriented search engine keeps winning fans. The privacy-oriented search engine netted more than 35 billion search queries in 2021, a 46.4% jump over 2020.