Security News

Egregor Claims Responsibility for Barnes & Noble Attack, Leaks Data
2020-10-21 15:30

The Egregor ransomware gang has reportedly taken responsibility for the Barnes & Noble cyberattack, first disclosed on Oct. 15. The bookseller warned customers last week in emailed notices that it had been hacked, noting that a cyberattack happened on Oct. 10, "which resulted in unauthorized and unlawful access to certain Barnes & Noble corporate systems."

Pharma Giant Pfizer Leaks Customer Prescription Info, Call Transcripts
2020-10-20 16:20

UPDATE. Pharma giant Pfizer has leaked the private medical data of prescription-drug users in the U.S. for months or even years, thanks to an unprotected Google Cloud storage bucket. Some of the transcripts were related to conversations about Advil, which is manufactured by Pfizer in a joint venture with GlaxoSmithKline.

ThunderX Ransomware rebrands as Ranzy Locker, adds data leak site
2020-10-16 16:07

ThunderX has changed its name to Ranzy Locker and launched a data leak site where they shame victims who do not pay the ransom. The ransomware operators quickly fixed their bugs and released a new version of the ransomware under the Ranzy Locker name.

Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts
2020-10-15 14:46

Because its technology underpins these customers' basic interactions with patients, clients, partners, suppliers and others, plenty of personal data flows through Broadvoice's cloud-based systems. The cache of data included records with personal details of Broadvoice clients' customers, they noted.

Software AG hit with ransomware: Crooks leak staffers' passports, want millions for stolen files
2020-10-09 17:40

Software AG has seemingly been hit by ransomware, with the German IT giant itself telling the Euro nation's stock market it had been "affected by a malware attack." In a notification to the German stock market published earlier this week, Software AG said: "The IT infrastructure of Software AG is affected by a malware attack since the evening of 3 October 2020."

85% of COVID-19 tracking apps leak data
2020-09-30 03:30

All 100 apps were analyzed using an array of static application security testing and dynamic application security testing techniques based on the OWASP mobile app security guidelines. The vast majority of medical apps have mishandled and/or weak encryption that puts them at risk for data exposure and IP theft.

Twitter Says Bug Leading to API Key Leak Patched
2020-09-28 08:52

Twitter last week started sending emails to developers to inform them of a vulnerability that might have resulted in the disclosure of developer information, including API keys. Designed to provide developers using the Twitter platform and APIs with access to documentation, community discussion, and other types of information, the portal also offers app and API key management functionality.

Microsoft claims to love open source – this alleged leak of Windows XP code is probably not what it had in mind, tho
2020-09-25 18:39

The source code for Windows XP and other elderly Microsoft operating systems appears to have leaked online as the mega-corp's Ignite developer shindig came to an end. The source of the alleged code leak is unclear; a torrent for the archive popped up on internet armpit 4chan and contains what appears to be Windows XP Service Pack 1, as well as some other past-their-sell-by-date flavours of Microsoft's greatest hits.

Microsoft leaks 6.5TB in Bing search data via unsecured Elastic server. *Insert 'Wow... that much?' joke here*
2020-09-23 13:51

Microsoft earlier this month exposed a 6.5TB Elastic server to the world that included search terms, location coordinates, device ID data, and a partial list of which URLs were visited. The data appears to be generated by the Bing mobile app, which promises users "Getting rewarded is easy, just search with the Bing," and has been downloaded more than 10 million times from Google's Play Store at least.

Unprotected Server Leaks Data of Microsoft Bing Mobile App Users
2020-09-22 17:53

WizCase experts have identified an unprotected Elasticsearch server that contained terabytes of data pertaining to users of Microsoft's Bing mobile application. White hat hacker Ata Hakcil, who identified the leak, was able to confirm that the Elasticsearch server belonged to Microsoft's Bing mobile app by installing the application and running a search for WizCase.