Security News

Hacker leaks 20 million alleged BigBasket user records for free
2021-04-25 20:28

A threat actor has leaked approximately 20 million BigBasket user records containing personal information and hashed passwords on a popular hacking forum. This morning, a well-known seller of data breaches known as ShinyHunters posted a database for free on a hacker forum that he claims was stolen from BigBasket.

Hackers threaten to leak stolen Apple blueprints if $50 million ransom isn't paid
2021-04-24 00:39

Prominent Apple supplier Quanta on Wednesday said it suffered a ransomware attack from the REvil ransomware group, which is now demanding the iPhone maker pay a ransom of $50 million to prevent leaking sensitive files on the dark web. In a post shared on its deep web "Happy Blog" portal, the threat actor said it came into possession of schematics of the U.S. company's products such as MacBooks and Apple Watch by infiltrating the network of the Taiwanese manufacturer, claiming it's making a ransom demand to Apple after Quanta expressed no interest in paying to recover the stolen blueprints.

Apple AirDrop has “significant privacy leak”, say German researchers
2021-04-23 18:59

The paper itself has a neutrally worded title that simply states the algorithm that it introduces, namely: PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop. For those who don't have iPhones or Macs, AirDrop is a surprisingly handy but proprietary Apple protocol that lets you share files directly but wirelessly with other Apple users nearby.

Apple, you've AirDrop'd the ball: Academics detail ways to leak contact info of nearby iThings for spear-phishing
2021-04-22 08:16

A bug-hunting team at Technische Universität Darmstadt in Germany reverse engineered AirDrop - iOS and macOS's ad-hoc over-the-air file-sharing service - and found that senders and receivers may leak their contact details in the process. Despite the team alerting Apple to the oversight in May 2019, and suggesting ways to address it last October, the iGiant hasn't issued a fix.

Facebook leaks strategy to numb reaction to data scraping incidents
2021-04-21 14:02

Facebook's long-term strategy is to desensitize users about leaked data dumps that were collected through scraping the public portion of the social network. The data also contained private phone numbers collected because of a vulnerability that Facebook fixed in August 2019, the company told BleepingComputer.

Would be so cool if everyone normalized these pesky data leaks, says data-leaking Facebook in leaked memo
2021-04-20 19:51

Facebook wants you to believe that the scraping of 533 million people's personal data from its platform, and the dumping of that data online by nefarious people, is something to be "Normalised." A blundering Facebook public relations operative managed to send a journalist a copy an internal document detailing the antisocial network's strategy for containing the leaking of 533 million accounts - and what the memo contained was infuriating though unsurprising.

Major BGP leak disrupts thousands of networks globally
2021-04-17 07:33

A large BGP routing leak that occurred last night disrupted the connectivity for thousands of major networks and websites around the world. Although the BGP routing leak occurred in Vodafone's autonomous network based in India, it has impacted U.S. companies, including Google, according to sources.

Update on PHP source code compromise: User database leak suspected
2021-04-07 14:38

PHP maintainer Nikita Popov has posted an update concerning how the source code was compromised and malicious code inserted - blaming a user database leak rather than a problem with the server itself. The PHP code repository was compromised late last month with the insertion of code that, if left in place, would have enabled a backdoor into any web server running it.

Facebook attributes 533 million users' data leak to "scraping" not hacking
2021-04-07 10:27

From the Facebook data samples seen by BleepingComputer, almost every user record had a mobile phone number, a Facebook ID, a name, and the member's gender associated with it. Facebook has shed some light on the recent data leak comprising 533 million Facebook user profiles, data from which was posted on a hacker forum last week.

Facebook Says Hackers 'Scraped' Data of 533 Million Users in 2019 Leak
2021-04-07 02:15

Facebook said Tuesday that hackers "Scraped" personal data of some half-billion users back in 2019 by taking advantage of a feature designed to help people easily find friends using contact lists. A trove of information about more than 530 million Facebook users was shared over the weekend at a hacker forum, prompting the leading social network to explain what happened and call on people to be vigilant about privacy settings.