Security News

Hotel chain Shangri-La Group has admitted to its systems being attacked, and personal data describing guests accessed by unknown parties, over a timeframe that includes the dates on which a high-level international defence conference was staged at one of its Singapore properties. "Shangri-La Group recently discovered unauthorized activities on our IT network," states a notice from the chain that goes on to reveal that "Between May and July 2022, a sophisticated threat actor managed to bypass Shangri-La's IT security monitoring systems undetected, and illegally accessed. guest databases".

TD Bank has disclosed a data breach affecting an undisclosed number of customers whose personal information was stolen by a former employee and used to conduct financial fraud.TD Bank is one of the largest banks in the United States by deposits, operating 1,220 branches and employing over 26,000 people.

The Vice Society Ransomware gang published data and documents Sunday morning that were stolen from the Los Angeles Unified School District during a cyberattack earlier this month. LAUSD superintendent Alberto M. Carvalho confirmed the release of stolen data in a statement posted to Twitter, along with announcing a new hotline launching tomorrow morning at 855-926-1129 for concerned parents and students to ask questions about the data leak.

Several hacktivist groups are using Telegram and other tools to aid anti-government protests in Iran to bypass regime censorship restrictions amid ongoing unrest in the country following the death of Mahsa Amini in custody. The company said it has also witnessed sharing of proxies and open VPN servers to get around censorship and reports on the internet status in the country, with one group helping the anti-government demonstrators access social media sites.

This week we saw some embarrassment for the LockBit ransomware operation when their programmer leaked a ransomware builder for the LockBit 3.0 encryptor. Ransomware operations were launched in the past from the leaks of the Babuk ransomware builder and Conti source code.

Boffins at the University of Michigan in the US and Zhejiang University in China want to highlight how bespectacled video conferencing participants are inadvertently revealing sensitive on-screen information via reflections in their eyeglasses. In a paper distributed via ArXiv, titled, "Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing," researchers Yan Long, Chen Yan, Shilin Xiao, Shivan Prasad, Wenyuan Xu, and Kevin Fu describe how they analyzed optical emanations from video screens that have been reflected in the lenses of glasses.

Two recent ransomware attacks against healthcare systems indicate cybercriminals continue to put medical clinics and hospitals firmly in their crosshairs. In a notification to watchdogs last Friday, Pennsylvania's largest primary care group said a "Sophisticated" ransomware crew breached its network security, giving it access to 75,628 individuals' names, addresses and Social Security numbers along with their medical records.

Security researchers have found that roughly eight out of ten websites featuring a search bar will leak their visitor's search terms to online advertisers like Google. While some websites may declare this practice in their user policy, visitors typically don't read these and assume that the information they enter on embedded search fields is isolated from big data brokers.

TikTok denies recent claims it was breached, and source code and user data were stolen, telling BleepingComputer that data posted to a hacking forum is "Completely unrelated" to the company. The user shared screenshots of an alleged database belonging to the companies, which they say was accessed on an Alibaba cloud instance containing data for both TikTok and WeChat users.

TikTok denies recent claims it was breached, and source code and user data were stolen, telling BleepingComputer that data posted to a hacking forum is "Completely unrelated" to the company. The user shared screenshots of an alleged database belonging to the companies, which they say was accessed on an Alibaba cloud instance containing data for both TikTok and WeChat users.