Security News

533 million Facebook users’ phone numbers leaked on hacker forum
2021-04-03 18:48

The mobile phone numbers and other personal information for approximately 533 million Facebook users worldwide has been leaked on a popular hacker forum for free. The sold data included 533,313,128 Facebook users, with information such as a member's mobile number, Facebook ID, name, gender, location, relationship status, occupation, and email addresses.

GitHub Arctic Vault likely contains leaked MedData patient records
2021-04-02 08:26

GitHub Arctic Code Vault has likely captured sensitive patient medical records from multiple healthcare facilities in a data leak attributed to MedData. These rolls of films were then shipped off to the GitHub Arctic Code Vault, situated in a remote coal mine, deep under an Arctic mountain in Svalbard, Norway, which is relatively close to the North Pole.

GitHub Arctic Vault likely has leaked MedData patient records
2021-04-02 08:26

GitHub Arctic Code Vault has likely captured sensitive patient medical records from multiple healthcare facilities in a data leak attributed to MedData. These rolls of films were then shipped off to the GitHub Arctic Code Vault, situated in a remote coal mine, deep under an Arctic mountain in Svalbard, Norway, which is relatively close to the North Pole.

GitHub Arctic Vault captures leaked patient medical data for 1,000 years
2021-04-02 08:26

GitHub Arctic Code Vault has likely captured sensitive patient medical records from multiple healthcare facilities in a data leak attributed to MedData. These rolls of films were then shipped off to the GitHub Arctic Code Vault, situated in a remote coal mine, deep under an Arctic mountain in Svalbard, Norway, which is relatively close to the North Pole.

Swiss security provocateur who leaked Intel secrets indicted by US authorities
2021-03-19 04:59

Readers may remember Kottman pointed out holes in a security skills assessment website run by Deloitte, dropped 20GB of Intel secrets onto the web and shamed the security of DevOps tool SonarQube by releasing third-party code created with the project. Illegally accessing computers belonging to a security device manufacturer located in the Western District of Washington and stealing proprietary data.

WeLeakInfo Leaked Customer Payment Info
2021-03-15 13:05

Now, nearly 24,000 WeLeakInfo's customers are finding that the personal and payment data they shared with WeLeakInfo over its five-year-run has been leaked online. In a post on the database leaking forum Raidforums, a regular contributor using the handle "Pompompurin" said he stole the WeLeakInfo payment logs and other data after noticing the domain wli[.

Oh SITA: Airline IT provider confirms passenger data leaked after major 'cyber-attack'
2021-03-05 16:01

SITA didn't elaborate on the nature or extent of the attack, other than to describe it as "Highly sophisticated but limited." According to its own disclosure, the attackers obtained passenger records from servers hosted in an Atlanta, Georgia data centre operated by an American subsidiary. "The data in question relates exclusively to service card numbers, status level and in some cases names. Unfortunately, your customer data is also affected. You can rest assured that no passwords, email addresses or other personal customer data were stolen in the incident."

Qualys hit with ransomware: Customer invoices leaked on extortionists' Tor blog
2021-03-03 17:00

Files appearing to originate from Qualys were dumped online this afternoon on the Tor blog of the Clop criminal extortionists. Ransomware gang specialist Brett Callow, of infosec biz Emsisoft, told The Register: "Entities that have had dealings with Qualys should be on high alert."

Should You Be Concerned About the Recently Leaked Spectre Exploits?
2021-03-03 12:22

A researcher revealed on Monday that some exploits for the notorious CPU vulnerability known as Spectre were uploaded recently to the VirusTotal malware analysis service. In a blog post titled Spectre exploits in the "Wild", researcher Julien Voisin shared a brief analysis of a Spectre exploit for Linux that had been uploaded to VirusTotal in early February.

Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online
2021-02-25 23:37

On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations unit of the U.S. National Security Agency. "The caught-in-the-wild exploit of CVE-2017-0005, a zero-day attributed by Microsoft to the Chinese APT31, is in fact a replica of an Equation Group exploit codenamed 'EpMe,'" Check Point researchers Eyal Itkin and Itay Cohen said.