Developer site Stack Overflow has published details of a breach dating back to May 2019, finding evidence that an intruder in its systems made extensive use of Stack Overflow itself to determine how to make the next move. At the time, the company reported that an unauthorised person had logged into its development system and escalated their access to the production version of stackoverflow.com. The source code for the site as well as the names, IP addresses and email addresses of 184 users was stolen. READ MORE...
The U.S. Justice Department announced today the disruption of the Netwalker ransomware operation and the indictment of a Canadian national for alleged involvement in the file-encrypting extortion attacks. Earlier today, BleepingComputer reported that law enforcement in the U.S. and Bulgaria seized Netwalker sites on the dark web used for leaking data from non-paying victims and for negotiating payments for data decryption. READ MORE...
Apple says it will roll out a new privacy control in the spring to prevent iPhone apps from secretly shadowing people. The delay in its anticipated rollout aims to placate Facebook and other digital services that depend on such data surveillance to help sell ads. After delaying the planned September introduction of the safeguard amid a Facebook-led outcry, Apple had previously said it would come out early this year. Apple released the latest update as part of Data Privacy Day. READ MORE...
Android users should watch out for new wormable malware that spreads through WhatsApp and lures the prospective victims into downloading an app from a website masquerading as Google Play. ESET malware researcher Lukas Stefanko looked under the hood of this Android nasty. "This malware spreads via the victim's WhatsApp, automatically replying to any WhatsApp message notification with a link to a fake and malicious Huawei Mobile app," said Stefanko. READ MORE...
The TeamTNT threat group has added a new detection-evasion tool to its arsenal, helping its cryptomining malware skirt by defense teams. The TeamTNT cybercrime group is known for cloud-based attacks, including targeting Amazon Web Services (AWS) credentials in order to break into the cloud and use it to mine for the Monero cryptocurrency. It has also previously targeted Docker and Kubernetes cloud instances. The new detection-evasion tool, libprocesshider, is copied from open-source repositories. READ MORE...
U.S. law enforcement officials say they've arrested an infamous far-right troll for allegedly using social media to spread disinformation in support of Donald Trump in the 2016 election. Douglass Mackey, a 31-year-old Florida man, is accused of using Twitter and other platforms to disenfranchise voters by encouraging them to vote via text or social media, which are invalid voting methods. Law enforcement officials arrested Mackey, who was better known as Ricky Vaughn on social media. READ MORE...
Encrypted service providers are urging lawmakers to back away from a controversial plan that critics say would undercut effective data protection measures. ProtonMail, Threema, Tresorit and Tutanota - all European companies that offer some form of encrypted services - issued a joint statement this week declaring that a resolution the European Council adopted on Dec. 14 is ill-advised. That measure calls for "security through encryption and security despite encryption." READ MORE...
Verizon Fios is experiencing an Internet outage making it impossible to access many websites after a fiber connection was cut in Brooklyn. Starting at approximately 11:00 AM EST, Verizon Fios users found they were no longer able to access popular services, such as Google, Slack, Microsoft Teams, Azure, and even Verizon's own website and My verizon app to check for known outages. According to DownDetector, the outage is affecting locations in the northeast of the United States. READ MORE...