Security News

In short, it's possible to use passing Apple devices to sneak out portions of information from one place to another, such as a computer on the other side of the world, over the air without any other network connectivity. Participating devices broadcast over BLE to other nearby attentive Apple devices, which in turn relay data back over their network connection to Cupertino's servers.

The cybercrime syndicate behind Babuk ransomware has leaked more personal files belonging to the Metropolitan Police Department after negotiations with the DC Police broke down, warning that they intend to publish all data if their ransom demands are not met. "The negotiations reached a dead end, the amount we were offered does not suit us, we are posting 20 more personal files on officers, you can download this archive, the password will be released tomorrow. if during tomorrow they do not raise the price, we will release all the data," the gang said in a statement on their data leak site.

He also identified flaws in the way frame aggregation - combining multiple network data frames - and frame fragmentation - splitting network data frames into smaller pieces - are implemented that magnify the impact of potential attacks. The 802.11 frame aggregation flaw involves flipping an unauthenticated flag in a frame header, which allows the encrypted data payload to get parsed as if it were multiple aggregated frames instead of a simple network packet.

Babuk Locker ransomware operators have leaked personal files belonging to police officers from the Metropolitan Police Department after negotiations went stale. The ransomware gang claims the data was leaked because the amount of money the DC Police was willing to pay did not match Babuk Locker's ransom demands.

Cybercriminals are embracing data-theft extortion by creating dark web marketplaces that exist solely to sell stolen data. Using ransomware data leak sites, Maze warned victims that they would publicly leak stolen data if victims did not pay a ransom.

The Dutch government has temporarily disabled its coronavirus warning app amid data privacy concerns for people who have the app installed on phones using the Android operating system. Health Minister Hugo de Jonge announced late Wednesday that the CoronaMelder app will stop sending warnings for 48 hours while the government checks if users' data is secure.

A researcher is claiming that the credit scores of almost every American were exposed through an API tool used by the Experian credit bureau, that he said was left open on a lender site without even basic security protections. Demirkapi was surprised and decided to take a peek at the code, which showed that an connection to an Experian API was behind the tool, he said.

The ransomware gang identified as DoppelPaymer has leaked a substantial collection of files from the Illinois Office of the Attorney General on a server controlled by the cybercriminal group. The move came after ransom negotiations between the two parties broke down following a ransomware attack earlier this month, on April 10.

The vast majority of ransomware attacks now include the theft of corporate data, Coveware says, but victims of data exfiltration extortion have very little to gain by paying a cyber criminal. The data may be published before a victim can respond to an extortion attempt, and the threat actors may not provide complete records of what was taken even if the victim pays up.

Digital Ocean on Wednesday said someone was able to snoop on some of its cloud subscribers' billing information via a now-patched vulnerability. In an email to affected customers seen by The Register - and full disclosure, your Register vulture is a customer - the rent-a-server biz said that two days ago it confirmed a miscreant had gained unauthorized access to some people's account records.