Security News > 2023 > January

Rackspace has confirmed the Play ransomware gang was behind last month's hacking and said it won't bring back its hosted Microsoft Exchange email service, as it continues working to recover customers' email data lost in the December 2 ransomware attack. Rackspace said "More than half" of its customers who lost their hosted email service last month now have "Some or all of their data available to them for download," in its latest and final status update, posted today.

"Of the nearly 30,000 customers on the Hosted Exchange email environment at the time of the attack, the forensic investigation determined the threat actor accessed a Personal Storage Table of 27 Hosted Exchange customers," Rackspace said in an incident report update shared with BleepingComputer in advance. "Customers who were not contacted directly by the Rackspace team can be assured that their PST data was not accessed by the threat actor."

More than 200 million Twitter users' information is now available for anyone to download for free.This latest data dump, which includes account names, handles, creation dates, follower counts, and email addresses, turns out to the be same - albeit cleaned up - leak reported last month that affected more than 400 million Twitter accounts, according to Privacy Affairs' security researchers, who verified the database that's now posted on a breach forum.

If you want to use the collaboration features, you must configure an SMTP server. Without an SMTP server configured, you won't be able to share vault items with team members for collaboration, and the system will not be able to send user confirmation emails.

Antivirus company Bitdefender has released a decryptor for the MegaCortex ransomware family, making it possible for victims of the once notorious gang to restore their data for free. You may download the tool from this page and read the user manual for more details on using Bitdefender's MegaCortex decryptor.

France's data protection authority has fined Apple €8,000,000 for collecting user data for targeted advertising on the App Store without requesting or securing the user's consent. "The CNIL services found that under the old version 14.6 of the operating system of the iPhone when a user visited the App Store, identifiers used for several purposes, including personalization of ads on the App Store, were by default automatically read on the terminal without obtaining consent." - CNIL. CNIL suggests that Apple could keep the option "Buried" in the settings menu as long as it prompted the user to consent to App Store tracking upon the device's first setup, which wasn't the case in iOS 14.6.

The NYC Department of Education has banned the use of ChatGPT by students and teachers in New York City schools as there are serious concerns about its use hampering learning and leading to misinformation. Microsoft is reportedly planning to integrate ChatGPT into Bing to give its search engine an edge over competitors like Google Search.

LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all. Actually your passwords were encrypted, but the websites and the web services and an unstated list of other stuff that you stored, well, that *wasn't* encrypted.

To address these challenges, Google, Microsoft and Proton, whose Proton Mail service was a first-mover in secure email, both moved to expand end-to-end encryption offerings. Google's announcement followed that of Proton, an encrypted cloud storage platform launched in 2013 in Geneva, Switzerland by CEO Andy Yen.

Starting today, WhatsApp allows users to connect via proxy servers due to Internet shutdowns or if their governments block the service in their country. The new proxy support option is available to all users running the latest WhatsApp iOS and Android applications.