Security News > 2023 > July

In what is shaping up to be a widespread privacy controversy, Spotify has come under scrutiny following allegations by users that the music streaming service made their private playlists public without their consent. There are similar reports on Spotify's forum in March, with one of the affected users being a music curator who uses Spotify professionally.

The All-In-One Security WordPress security plugin, used by over a million WordPress sites, was found to be logging plaintext passwords from user login attempts to the site's database, putting account security at risk. Roughly three weeks ago, a user reported that the AIOS v5.1.9 plugin was not only recording user login attempts to the aiowps audit log database table, used to track logins, logouts, and failed login events but also recording the inputted password.

Conor Brian Fitzpatrick, aka Pompompurin, the owner of the notorious BreachForums hacking forum, has pleaded guilty to hacking and child pornography possession charges. "BreachForums included a 'Marketplace' section that was dedicated to the buying and selling of hacked or stolen data, tools for committing cybercrime, and other illicit material, including a 'Leaks Market' subsection," court documents unsealed on July 13th read. "BreachForums operated as an illegal marketplace where its members could solicit for sale, sell, and purchase and trade hacked or stolen data and other contraband, including stolen access devices, tools for committing cybercrime, breached databases, and other services for gaining unauthorized access to victim systems."

Multiple security vulnerabilities have been discovered in various services, including Honeywell Experion distributed control system and QuickBlox, that, if successfully exploited, could result in severe compromise of affected systems. Dubbed Crit.IX, the nine flaws in the Honeywell Experion DCS platform allow for "Unauthorized remote code execution, which means an attacker would have the power to take over the devices and alter the operation of the DCS controller, whilst also hiding the alterations from the engineering workstation that manages the controller," Armis said in a statement shared with The Hacker News.

Colorado State University has confirmed that the Clop ransomware operation stole sensitive personal information of current and former students and employees during the recent MOVEit Transfer data-theft attacks. Colorado State University is a public research university with nearly 28,000 students and 6,000 academic and administrative staff members, operating on an endowment of $558,000,000.

Criminal IP, a leading Cyber Threat Intelligence search engine, has formed a powerful alliance with Tines, a renowned provider of no-code automation solutions. Explore Stories with Criminal IP API. Users can accelerate their automation efforts and address common use cases by accessing the Tines Story Library.

Review your recent Gmail access, browser sign-in history and Google account activity to make sure no one other than you has used your account. SEE: Discover how to regain access to your Google account.

Threads - whose full name is "Threads, an Instagram app" - is an app created by Meta's Instagram team and to use it you have to have an Instagram account. Even though the app is unavailable for download in official European Android and iOS app stores, there are ways around that roadblock.

The first Republican primary debate has a popularity threshold to determine who gets to appear: 40,000 individual contributors. A long-shot contender at the bottom of recent polls, Mr. Burgum is offering $20 gift cards to the first 50,000 people who donate at least $1 to his campaign.

As security practices continue to evolve, one primary concern persists in the minds of security professionals-the risk of employees unintentionally or deliberately exposing vital information. While access controls, encryption, and monitoring systems are crucial for identifying and mitigating unauthorized access and suspicious activities, the increasing prevalence of cloud-based environments and the surge in SaaS application usage demand a fresh perspective on Insider Risk Management from a SaaS security standpoint.