Security News

TikTok denies security breach after hackers leak user data, source code
2022-09-05 13:52

TikTok denies recent claims it was breached, and source code and user data were stolen, telling BleepingComputer that data posted to a hacking forum is "Completely unrelated" to the company. The user shared screenshots of an alleged database belonging to the companies, which they say was accessed on an Alibaba cloud instance containing data for both TikTok and WeChat users.

TikTok denies hack following leak of user data, source code
2022-09-05 13:52

TikTok denies recent claims it was breached, and source code and user data were stolen, telling BleepingComputer that data posted to a hacking forum is "Completely unrelated" to the company. The user shared screenshots of an alleged database belonging to the companies, which they say was accessed on an Alibaba cloud instance containing data for both TikTok and WeChat users.

IRS data leak exposes personal info of 120,000 taxpayers
2022-09-03 20:39

On Friday, the IRS disclosed that in addition to sharing Form 990-T data for charities, they also accidentally included data for taxpayers' IRAs that was not meant to be public. "The IRS recently discovered that some machine-readable Form 990-T data made available for bulk download section on the Tax Exempt Organization Search should not have been made public," the IRS disclosed on Friday.

New 'Donut Leaks' extortion gang linked to recent ransomware attacks
2022-08-23 15:06

A new data extortion group named 'Donut Leaks' is linked to recent cyberattacks, including those on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando. Strangely, the data for these victims have now appeared on the data leak site for a previously unknown extortion gang known as Donut Leaks.

ETHERLED: Air-gapped systems leak data via network card LEDs
2022-08-23 11:28

Israeli researcher Mordechai Guri has discovered a new method to exfiltrate data from air-gapped systems using the LED indicators on network cards. These systems work in air-gapped networks and still use a network card.

New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data
2022-08-23 04:23

A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves. "Our malware generates ultrasonic tones in the resonance frequencies of the MEMS gyroscope," Dr. Guri said in a new paper published this week.

Novant Health admits leak of 1.3m patients' info to Facebook
2022-08-22 22:00

Novant Health confirmed that it may have disclosed 1.3 million patients' sensitive data, including email addresses, phone numbers, financial information - even doctor's appointment details - to Meta. Novant finally copped to sending letters to "Some of its patients following possible disclosure of protected health information resulting from an incorrect configuration of a pixel, an online tracking tool," in a statement released late on Friday.

LockBit gang hit by DDoS attack after threatening to leak Entrust ransomware data
2022-08-22 16:08

The LockBit ransomware group last week claimed responsibility for an attack on cybersecurity vendor in June. LockBitSupp, the public face of LockBit that interacts with companies and cybersecurity researchers, told Shukuhi that the group's data leak site was getting 400 requests a second from more than 1,000 servers and that the group promised to add more resources to the site and to "Drain the ddosers money," he wrote.

LockBit ransomware blames Entrust for DDoS attacks on leak sites
2022-08-22 14:39

The LockBit ransomware operation's data leak sites have been shut down over the weekend due to a DDoS attack telling them to remove Entrust's allegedly stolen data. Soon after they started leaking data, researchers began reporting that the ransomware gang's Tor data leak sites were unavailable due to a DDoS attack.

Two years on, Apple iOS VPNs still leak IP addresses
2022-08-19 07:37

Apple has left a VPN bypass vulnerability in iOS unfixed for at least two years, leaving identifying IP traffic data exposed, and there's no sign of a fix. Earlier this year, Michael Horowitz, a veteran software developer and consultant, revisited the situation and found that VPNs on iOS are still vulnerable and leaking data.