<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 10/2/2025

SHARE

Breaches

766,000 Impacted by Data Breach at Dealership Software Provider Motility

Dealership software company Motility Software Solutions is notifying over 766,000 people that their personal information was compromised in a ransomware attack. A provider of software for recreational vehicle and power sport dealers, Motility discovered the incident on August 19, after hackers accessed servers that support the company's business operations. The attackers deployed file-encrypting ransomware on its systems, but also stole files containing customers' personal information. READ MORE...


1.5 Million Impacted by Allianz Life Data Breach

Insurance giant Allianz subsidiary Allianz Life Insurance Company of North America is notifying roughly 1.5 million people that their personal information was stolen in a July data breach. The incident occurred on July 16 and involved a third-party cloud-based customer relationship management (CRM) system used by Allianz Life. Only Allianz Life in the US was impacted, the company said, adding that most of its roughly 1.4 million customers were likely affected, without sharing an exact number. READ MORE...

Hacking

Oracle customers being bombarded with emails claiming widespread data theft

Attackers appearing to be aligned with the Clop ransomware group have sent emails to Oracle customers seeking extortion payments, claiming they stole data from the tech giant's E-Business Suite, according to researchers who spoke with CyberScoop. Researchers haven't confirmed the veracity of Clop's claimed data theft, but multiple investigations into Oracle environments belonging to organizations that received the emails are underway. READ MORE...


Cybercrims claim raid on 28,000 Red Hat repos, say they have sensitive customer files

A hacking crew claims to have broken into Red Hat's private GitHub repositories, exfiltrating some 570GB of compressed data, including sensitive documents belonging to customers. An extortion group calling itself "the Crimson Collective" posted on Telegram that it accessed more than 28,000 internal repos and stole hundreds of Customer Engagement Reports (CERs) in messages seen by The Register. READ MORE...

Malware

ProSpy and ToSpy: New spyware families impersonating secure messaging apps

ESET researchers have found two Android spyware campaigns aimed at people looking for secure messaging apps such as Signal and ToTok. The attackers spread the spyware through fake websites and social engineering. Researchers identified two previously unknown spyware families. Android/Spy.ProSpy poses as upgrades or add-ons for the Signal app and the discontinued ToTok app, while Android/Spy.ToSpy pretends to be the ToTok app itself. READ MORE...


Scam Facebook groups send malicious Android malware to seniors

An infostealer and banking Trojan rolled into one is making the rounds in Facebook groups aimed at "active seniors". Attackers used social engineering methods to lure targets into joining fake Facebook groups that appeared to promote travel and community activities-such as trips, dance classes, and community gatherings. Once people joined, they were invited to download an Android app to "register" for those offered activities. READ MORE...

Information Security

Sendit tricked kids, harvested their data, and faked messages, FTC claims

The Federal Trade Commission (FTC) has sued Sendit's parent company, saying it signed up children under 13, collected their personal data, and misled them with fake messages and recurring bills. The lawsuit, filed against the app's owner Iconic Hearts Holdings Inc and CEO Hunter Rice, alleges the company let users under the age of 13 sign up for Sendit and collected personal information about these users without parental consent-violating the Children's Online Privacy Protection Rule (COPPA). READ MORE...


That annoying SMS phish you just got may have come from a box like this

Scammers have been abusing unsecured cellular routers used in industrial settings to blast SMS-based phishing messages in campaigns that have been ongoing since 2023, researchers said. The routers, manufactured by China-based Milesight IoT Co., Ltd., are rugged Internet of Things devices that use cellular networks to connect traffic lights, electric power meters, and other sorts of remote industrial devices to central hubs. READ MORE...

Exploits/Vulnerabilities

Your Favourite Phone Apps Might be Leaking Your Company's Secrets

Think about the apps on your phone right now. Your banking app, your working email, the food delivery app: each one is talking to a server somewhere - sending and receiving data through messages sent through APIs, the underlying infrastructure that allows apps to communicate. And here's the problem - hackers have determined that the APIs of mobile apps, when left visible and exploitable, can be a goldmine. READ MORE...

On This Date

  • ...in 1950, Charles Schulz's comic strip "Peanuts" first appears. By the late 1960s, it would run in over 2,600 newspapers worldwide.
  • ...in 1951, English musician and actor Sting is born in Wallsend, Northumberland.
  • ...in 1959, screenwriter Rod Serling's dark sci-fi/horror anthology series "The Twilight Zone" debuts on CBS.
  • ...in 1967, Thurgood Marshall is sworn in as the first African-American justice of United States Supreme Court.