Security News

The publicly released Facebook user data is believed to be part of a 2019 "Add Friend" Facebook security bug exploited by hackers at the time. The types of data include Facebook user mobile phone numbers, their Facebook ID, name and gender information.

Retailers around the world are increasing their fraud teams and budgets because of a significant rise in all types of online fraud during the pandemic, a research by Ravelin finds. 72% of retail brands around the world expect to grow fraud teams in the next year, while 76% predict their budget to tackle fraud will increase in the next 12 months - with 20% expecting a "Significant" increase.

A bipartisan group of US senators on Friday sent letters to major digital ad exchanges, including Google and Twitter, asking whether user data was sold to foreign entities who could use it for blackmail or other malicious ends. In the real-time bidding process to decide which personalized ads a user sees when a web page loads, hundreds of businesses receive a user's personal information, including search history, IP address, age and gender.

Source Defense provides in-depth analysis of the client-side threat landscape and specific attacks like formjacking, Magecart and web browser threats. The research offers a rare window on web security sentiments for a population relying almost exclusively on websites for all manner of shopping, healthcare, financial services and other essential needs during the pandemic.

Royal Dutch Shell is the latest corporation to be attacked by the Clop ransomware gang. It attempted to downplay the impact noting that "There is no evidence of any impact to Shell's core IT systems," and the server accessed was "Isolated from the rest of Shell's digital infrastructure." But it did acknowledge that the crooks had probably grabbed "Some personal data and... data from Shell companies and some of their stakeholders."

Royal Dutch Shell is the latest corporation to be attacked by the Clop ransomware gang. It attempted to downplay the impact noting that "There is no evidence of any impact to Shell's core IT systems," and the server accessed was "Isolated from the rest of Shell's digital infrastructure." But it did acknowledge that the crooks had probably grabbed "Some personal data and... data from Shell companies and some of their stakeholders."

Royal Dutch Shell is the latest corporation to be attacked by the Clop ransomware gang. It attempted to downplay the impact noting that "There is no evidence of any impact to Shell's core IT systems," and the server accessed was "Isolated from the rest of Shell's digital infrastructure." But it did acknowledge that the crooks had probably grabbed "Some personal data and... data from Shell companies and some of their stakeholders."

Indonesian officials have asked its nation's citizens to stop leaking their own personal data on social media by sharing pictures of certificates attesting to their receipt of COVID-19 vaccinations. In a Tuesday press conference, Indonesia's COVID-19 task force spokesman Wiku Adisasmito explained that the certificates include a QR code that, when scanned, can yield personal medical data.

Bulk SMS messages sent by local councils across the UK contained weblinks leading to pages that freely exposed to the public thousands of taxpayers' names, addresses, and outstanding debts, The Register can reveal. Text messages sent by Telsolutions Ltd on behalf of a dozen local authorities contained shortlinks to webpages urging council tax defaulters to pay up - and in a dozen cases seen by The Register there was little or no authentication protecting personal data from prying eyes.

Almost 10 days after application security company F5 Networks released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning and targeting exposed and unpatched networking devices to break into enterprise networks. News of in the wild exploitation comes on the heels of a proof-of-concept exploit code that surfaced online earlier this week by reverse-engineering the Java software patch in BIG-IP. The mass scans are said to have spiked since March 18.