Security News

The weakness was just one recent example of a backdoor in open source software for attackers to sneak malicious code onto developer and end-user systems. If experts identify the software supply as a key security challenge for 2023, the Log4j phenomenon - not to mention the much-better known SolarWinds incursion in 2019 - shed light on how protecting the process could be difficult: A vast amount of commercial software is not written in-house.

Twitter is reportedly working on finally adding end-to-end encryption for direct messages exchanged between users on the social media platform. Twitter had attempted to prototype an E2EE system back in 2018, naming it "Secret Conversation," but it never materialized as a finished product and was later abandoned.

File hosting service Dropbox on Tuesday disclosed that it was the victim of a phishing campaign that allowed unidentified threat actors to gain unauthorized access to 130 of its source code repositories on GitHub."These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team," the company revealed in an advisory.

Chipmaker Intel has confirmed that proprietary source code related to its Alder Lake CPUs has been leaked, following its release by an unknown third-party on 4chan and GitHub last week. The published content contains Unified Extensible Firmware Interface code for Alder Lake, the company's 12th generation processors that was originally launched in November 2021.

Intel has confirmed that a source code leak for the UEFI BIOS of Alder Lake CPUs is authentic, raising cybersecurity concerns with researchers. On Friday, a Twitter user named 'freak' posted links to what was said to be the source code for Intel Alder Lake's UEFI firmware, which they claim was released by 4chan.

Authentication service provider and Okta subsidiary Auth0 has disclosed what it calls a "Security event" involving some of its code repositories."In late August, a third-party individual notified Okta that they possessed a copy of certain Auth0 code repositories dating from October 2020 and earlier," Auth0 revealed.

The big story from last month was the LastPass breach, in which an attacker apparently got access to just one part of the LastPass network, but was able to make off with the company's proprietary source code. LastPass has now published an official follow-up report on the incident, based on what it has been able to figure out about the attack and the attackers in the aftermath of the intrusion.

Take-Two Interactive confirmed on Monday that its Rockstar Games subsidiary has been compromised and confidential data for Grand Theft Auto 6 has been stolen. The biz said work on Grand Theft Auto 6 will continue as planned and that the game's development and release schedule should not be affected.

Grand Theft Auto 6 gameplay videos and source code have been leaked after a hacker allegedly breached Rockstar Game's Slack server and Confluence wiki.Some of the videos contain voiced conversations between the protagonist and other NPCs. The hacker claims to have stolen "GTA 5 and 6 source code and assets, GTA 6 testing build," but is trying to extort Rockstar Games to prevent further data from being released.

TikTok denies recent claims it was breached, and source code and user data were stolen, telling BleepingComputer that data posted to a hacking forum is "Completely unrelated" to the company. The user shared screenshots of an alleged database belonging to the companies, which they say was accessed on an Alibaba cloud instance containing data for both TikTok and WeChat users.