Security Leftovers
-
Silicon Angle ☛ Hacktivist group ‘NullBulge’ claims breach of Disney’s Slack, releases 1TB+ of data
A self-described hacktivist group is claiming today to have hacked Walt Disney Co.’s Slack account and released more than 1.1 terabytes of stolen data from the account.
-
Bruce Schneier ☛ Hacking Scientific Citations
Some scholars are inflating their reference counts by sneaking them into metadata:
Citations of scientific work abide by a standardized referencing system: Each reference explicitly mentions at least the title, authors’ names, publication year, journal or conference name, and page numbers of the cited publication. These details are stored as metadata, not visible in the article’s text directly, but assigned to a digital object identifier, or DOI—a unique identifier for each scientific publication.
-
Wladimir Palant ☛ How insecure is Avast Secure Browser?
A while ago I already looked into Avast Secure Browser. Back then it didn’t end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect the user’s computer. Worse yet: much of it was due to neglect of secure coding practices; existing security mechanisms were disabled for no good reason. I didn’t finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast’s Jumpshot subsidiary.
-
Security Week ☛ Data of Millions of mSpy Customers Leaked Online
Over 310 GB of data from mSpy, including 2.4 million email addresses and other user data, was leaked online.
-
Security Week ☛ AT&T Breach Linked to American Hacker, Telecom Giant Paid $370k Ransom: Reports [Ed: Windows TCO]
The massive AT&T breach has been linked to an American hacker living in Turkey and reports say the telecom giant paid a $370,000 ransom.
-
Security Week ☛ Ukrainian Sentenced to Prison in US for Role in Zeus, IcedID Malware Operations
Vyacheslav Igorevich Penchukov was sentenced to nine years in prison for his role in the Zeus and IcedID malware operations.
-
Silicon Angle ☛ Multiple crypto domains hijacked from Squarespace due to Surveillance Giant Google Domains migration flaw
At least a dozen organizations, primarily in cryptocurrency and decentralized finance, have had their domain names and hence their websites hijacked from Squarespace Inc. The hijacked domains belong to former Surveillance Giant Google Domains customers that had not set up new accounts with Squarespace.