Security News
TikTok denies recent claims it was breached, and source code and user data were stolen, telling BleepingComputer that data posted to a hacking forum is "Completely unrelated" to the company. The user shared screenshots of an alleged database belonging to the companies, which they say was accessed on an Alibaba cloud instance containing data for both TikTok and WeChat users.
TikTok denies recent claims it was breached, and source code and user data were stolen, telling BleepingComputer that data posted to a hacking forum is "Completely unrelated" to the company. The user shared screenshots of an alleged database belonging to the companies, which they say was accessed on an Alibaba cloud instance containing data for both TikTok and WeChat users.
On Friday, the IRS disclosed that in addition to sharing Form 990-T data for charities, they also accidentally included data for taxpayers' IRAs that was not meant to be public. "The IRS recently discovered that some machine-readable Form 990-T data made available for bulk download section on the Tax Exempt Organization Search should not have been made public," the IRS disclosed on Friday.
A new data extortion group named 'Donut Leaks' is linked to recent cyberattacks, including those on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando. Strangely, the data for these victims have now appeared on the data leak site for a previously unknown extortion gang known as Donut Leaks.
Israeli researcher Mordechai Guri has discovered a new method to exfiltrate data from air-gapped systems using the LED indicators on network cards. These systems work in air-gapped networks and still use a network card.
A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves. "Our malware generates ultrasonic tones in the resonance frequencies of the MEMS gyroscope," Dr. Guri said in a new paper published this week.
Novant Health confirmed that it may have disclosed 1.3 million patients' sensitive data, including email addresses, phone numbers, financial information - even doctor's appointment details - to Meta. Novant finally copped to sending letters to "Some of its patients following possible disclosure of protected health information resulting from an incorrect configuration of a pixel, an online tracking tool," in a statement released late on Friday.
The LockBit ransomware group last week claimed responsibility for an attack on cybersecurity vendor in June. LockBitSupp, the public face of LockBit that interacts with companies and cybersecurity researchers, told Shukuhi that the group's data leak site was getting 400 requests a second from more than 1,000 servers and that the group promised to add more resources to the site and to "Drain the ddosers money," he wrote.
The LockBit ransomware operation's data leak sites have been shut down over the weekend due to a DDoS attack telling them to remove Entrust's allegedly stolen data. Soon after they started leaking data, researchers began reporting that the ransomware gang's Tor data leak sites were unavailable due to a DDoS attack.
Apple has left a VPN bypass vulnerability in iOS unfixed for at least two years, leaving identifying IP traffic data exposed, and there's no sign of a fix. Earlier this year, Michael Horowitz, a veteran software developer and consultant, revisited the situation and found that VPNs on iOS are still vulnerable and leaking data.