Security News

Philly Inquirer says Cuba ransomware gang's data leak claims are fake news
2023-05-24 20:26

The Philadelphia Inquirer has punched back at the Cuba ransomware gang after the criminals leaked what they said were files stolen from the newspaper. While The Inquirer confirmed Cuba had claimed responsibility for the break-in, it insisted that any documents posted by the gang on the dark web were not swiped from the newspaper.

Luxottica confirms 2021 data breach after info of 70M leaks online
2023-05-19 13:37

Luxottica has confirmed one of its partners suffered a data breach in 2021 that exposed the personal information of 70 million customers after a database was posted this month for free on hacking forums. Luxottica suffered a data breach in August 2020 that exposed the personal information of 829,454 EyeMed and Lenscrafters patients.

GitHub Extends Push Protection to Prevent Accidental Leaks of Keys and Other Secrets
2023-05-11 05:01

GitHub has announced the general availability of a new security feature called push protection, which aims to prevent developers from inadvertently leaking keys and other secrets in their code. The Microsoft-owned cloud-based repository hosting platform, which began testing the feature a year ago, said it's also extending push protection to all public repositories at no extra cost.

Never leak secrets to your GitHub repositories again
2023-05-10 11:02

GitHub is making push protection - a security feature designed to automatically prevent the leaking of secrets to repositories - free for owners of all public repositories. Prevent leaking secrets with GitHub push protection.

GitHub now auto-blocks token and API key leaks for all repos
2023-05-09 21:42

GitHub is now automatically blocking the leak of sensitive information like API keys and access tokens for all public code repositories. This feature proactively prevents leaks by scanning for secrets before 'git push' operations are accepted, and it works with 69 token types detectable with a low "False positive" detection rate.

FYI: Intel BootGuard OEM private keys leak from MSI cyber heist
2023-05-09 02:27

Intel is investigating reports that BootGuard private keys, used to protect PCs from hidden malware, were leaked when data belonging to Micro-Star International was stolen and dumped online. It's understood the private keys were generated by MSI to use with Intel's BootGuard technology, and were among internal source code and other materials taken from the computer parts maker's IT systems last month - at least some of which has since been shared on the internet.

Intel investigating leak of Intel Boot Guard private keys after MSI breach
2023-05-08 17:31

Intel is investigating the leak of alleged private keys used by the Intel Boot Guard security feature, potentially impacting its ability to block the installation of malicious UEFI firmware on MSI devices. On Friday, Alex Matrosov, the CEO of firmware supply chain security platform Binarly, warned that the leaked source code contains the image signing private keys for 57 MSI products and Intel Boot Guard private keys for 116 MSI products.

Hackers leak images to taunt Western Digital's cyberattack response
2023-05-01 12:28

The leak comes after the threat actor warned Western Digital on April 17th that they would hurt them until they "Cannot stand anymore" if a ransom was not paid. On March 26th, Western Digital suffered a cyberattack where threat actors breached its internal network and stole company data.

Yellow Pages Canada confirms cyber attack as Black Basta leaks data
2023-04-24 07:22

Yellow Pages Group, a Canadian directory publisher has confirmed to BleepingComputer that it has been hit by a cyber attack.Black Basta ransomware and extortion gang claims responsibility for the attack and has posted sensitive documents and data over the weekend.

Pentagon super-leak suspect cuffed: 21-year-old Air National Guardsman
2023-04-13 19:52

The FBI has detained a 21-year-old Air National Guardsman suspected of leaking a trove of classified Pentagon documents on Discord. He also controlled a private Discord server, and allegedly posted photographs of the classified Pentagon documents to impress the private group's 25 members, which included netizens in Europe, Asia, and South America.