Security News > 2023 > June

The stolen data has been circulating online for at least a few days, we're told, and the spyware's users - those who got the app to put on someone else's device - reportedly include government workers and a ton of US college students. Yes, we appreciate the irony of the maker of a phone-monitoring app that boasts about secretly collecting call logs, text messages, and whereabouts while remaining "Invisible to the user" admitting that someone else gained unauthorized access to their information.

Police breaking into and snooping on the EncroChat encrypted messaging network has led to 6,558 arrests worldwide and nearly €740 million seized in criminal funds, according to cops in France and the Netherlands. In 2020, the two countries led the effort to bust open the communications service, compromising the network's servers and using that access to collect data from EncroChat handsets.

The npm Public Registry, a database of JavaScript packages, fails to compare npm package manifest data with the archive of files that data describes, creating an opportunity for the installation and execution of malicious files. "The npm Public Registry does not validate manifest information with the contents of the package tarball, relying instead on npm-compatible clients to interpret and enforce validation/consistency," Clarke explains.

Recently, the manager of the Harvard Med School morgue was accused of stealing and selling human body parts. Cedric Lodge and his wife Denise were among a half-dozen people arrested for some pretty grotesque crimes.

The FIDO Alliance's Andrew Shikiar explains how passkeys are quickly replacing passwords as the next-generation login, a low friction, high security protocol for any device. When the FIDO Alliance holds its virtual Authenticate Virtual Summit on passkeys event this week, the focus will be on how enterprises are shifting away from passwords to the new passkey standards and technical innovations, constituting the latest advance in public key cryptography.

Microsoft has released the optional KB5027293 Preview cumulative update for Windows 10 22H2 with three new features and 11 additional fixes or changes. Windows 10 users can also manually download and install the KB5027293 preview update from the Microsoft Update Catalog.

Microsoft has released the June 2023 optional cumulative update for Windows 11, version 22H2, which enables the recently announced new Moment 3 fixes, improvements, and new features. While Moment 3 changes have been disabled by default, even though included with the KB5026446 update, users could still enable them by turning on a toggle in the Windows Update settings.

Siemens Energy has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform.Today, Clop listed Siemens Energy on their data leak site, indicating that data was stolen during a breach on the company.

Censys researchers have discovered hundreds of Internet-exposed devices on the networks of U.S. federal agencies that have to be secured according to a recently issued CISA Binding Operational Directive. All Internet-exposed management interfaces found by Censys on the networks of U.S. federal agencies have to be secured according to CISA's Binding Operational Directive 23-02 within 14 days after being identified.

Data loss prevention enables organizations to protect their sensitive data. Data loss prevention is a set of software tools, processes and data security practices that help prevent unauthorized access, misuse or loss of sensitive or critical data.