Security News

More than 100 million Android users are at risk after 23 different mobile apps were found to leak personal data in the wake of rampant cloud misconfigurations. In the case of at least two of the apps, cloud keys were exposed with no safeguards, according to the researchers.

One of America's largest broadband providers, has now deployed RPKI on its network to defend against BGP route hijacks and leaks. "In practical terms, it means that Comcast now both cryptographically signs route information and validates the cryptographic signatures of other networks' route information."
![S3 Ep33: Eufy camera leak, Afterburner crisis, and AirTags (again) [Podcast]](/static/build/img/news/s3-ep33-eufy-camera-leak-afterburner-crisis-and-airtags-again-podcast-small.jpg)
We look into an unnerving case of mixed-up video feeds. We warn you against "Going rogue" when you can't get the download you want from the regular place.

IT pro Rob Dyke says an NHS-backed company not only threatened him with legal action after he flagged up an exposed GitHub repository containing credentials and insecure code, it even called the police on him. What happened next united infosec professionals across the world as well as triggering a crowdfundraiser and a behind-the-scenes legal war: we're told Apperta sent Dyke legal demands, and followed those up by alleging to the cops that he broke Britain's computer security laws.

In short, it's possible to use passing Apple devices to sneak out portions of information from one place to another, such as a computer on the other side of the world, over the air without any other network connectivity. Participating devices broadcast over BLE to other nearby attentive Apple devices, which in turn relay data back over their network connection to Cupertino's servers.

The cybercrime syndicate behind Babuk ransomware has leaked more personal files belonging to the Metropolitan Police Department after negotiations with the DC Police broke down, warning that they intend to publish all data if their ransom demands are not met. "The negotiations reached a dead end, the amount we were offered does not suit us, we are posting 20 more personal files on officers, you can download this archive, the password will be released tomorrow. if during tomorrow they do not raise the price, we will release all the data," the gang said in a statement on their data leak site.

He also identified flaws in the way frame aggregation - combining multiple network data frames - and frame fragmentation - splitting network data frames into smaller pieces - are implemented that magnify the impact of potential attacks. The 802.11 frame aggregation flaw involves flipping an unauthenticated flag in a frame header, which allows the encrypted data payload to get parsed as if it were multiple aggregated frames instead of a simple network packet.

Babuk Locker ransomware operators have leaked personal files belonging to police officers from the Metropolitan Police Department after negotiations went stale. The ransomware gang claims the data was leaked because the amount of money the DC Police was willing to pay did not match Babuk Locker's ransom demands.

Cybercriminals are embracing data-theft extortion by creating dark web marketplaces that exist solely to sell stolen data. Using ransomware data leak sites, Maze warned victims that they would publicly leak stolen data if victims did not pay a ransom.

The Dutch government has temporarily disabled its coronavirus warning app amid data privacy concerns for people who have the app installed on phones using the Android operating system. Health Minister Hugo de Jonge announced late Wednesday that the CoronaMelder app will stop sending warnings for 48 hours while the government checks if users' data is secure.