This posting is here to collect cyber security news in January 2023.
I post links to security vulnerability news in the comments of this article.
You are also free to post related links in the comments.
446 Comments
Tomi Engdahl says:
Ax Sharma / BleepingComputer:
PyTorch identifies a malicious dependency that uses its “torchtriton” library name, warning users to uninstall the framework; the hacker claims ethical research
PyTorch discloses malicious dependency chain compromise over holidays
https://www.bleepingcomputer.com/news/security/pytorch-discloses-malicious-dependency-chain-compromise-over-holidays/
PyTorch has identified a malicious dependency with the same name as the framework’s ‘torchtriton’ library. This has led to a successful compromise via the dependency confusion attack vector.
PyTorch admins are warning users who installed PyTorch-nightly over the holidays to uninstall the framework and the counterfeit ‘torchtriton’ dependency.
From computer vision to natural language processing, the open source machine learning framework PyTorch has gained prominence in both commercial and academic realms.
Malicious library targets PyTorch-nightly users
Between December 25th and December 30th, 2022, users who installed PyTorch-nightly should ensure their systems were not compromised, PyTorch team has warned.
The warning follows a ‘torchtriton’ dependency that appeared over the holidays on the Python Package Index (PyPI) registry, the official third-party software repository for Python.
“Since the PyPI index takes precedence, this malicious package was being installed instead of the version from our official repository. This design enables somebody to register a package by the same name as one that exists in a third party index, and pip will install their version by default,” writes PyTorch team in a disclosure published yesterday.
At the time of writing, BleepingComputer observed the malicious ‘torchtriton’ dependency had exceeded 2,300 downloads in the past week.
This type of supply chain attack is known as “dependency confusion,” as first reported by BleepingComputer in 2021, just as the attack vector was popularized by ethical hacker Alex Birsan.
Not only does the malicious ‘torchtriton’ survey your system for basic fingerprinting info (such as IP address, username, and current working directory), it further steals sensitive data
It then uploads all of this data, including file contents, to the h4ck.cfd domain via encrypted DNS queries using the wheezy.io DNS server.
PyTorch explains, the malicious ‘triton’ binary contained within the counterfeit ‘torchtriton’ is only executed when the user imports ‘triton’ package in their build. This would require explicit code and is not PyTorch’s default behavior.
Tomi Engdahl says:
Police: Thief used computer code to steal from employer in ‘Office Space’-style scheme
https://justthenews.com/nation/crime/police-thief-used-computer-code-steal-employer-office-space-style-scheme
Police in Seattle are accusing a man of stealing hundreds of thousands of dollars from his employer using a scheme adopted from a classic late 1990s comedy movie.
Tomi Engdahl says:
Microsoft services are experiencing problems worldwide https://www.is.fi/digitoday/art-2000009302880.html
Microsoft says that its OneDrive cloud service and Skype messenger are experiencing problems. The company announced the issue at around half past eleven in the morning Finnish time. According to Microsoft, the causes of the problem are technical and relate to … Some users on Twitter are reporting wider problems with Microsoft's services as well. However, there is no more detailed information about these.
Tomi Engdahl says:
PyTorch: Machine Learning toolkit pwned from Christmas to New Year https://nakedsecurity.sophos.com/2023/01/01/pytorch-machine-learning-toolkit-pwned-from-christmas-to-new-year/
PyTorch is one of the most popular and widely-used machine learning toolkits out there. Unfortunately, the project was compromised by means of a supply-chain attack during the holiday season at the end of 2022, between. The attackers malevolently created a Python package called torchtriton on PyPI, the popular Python Package Index repository. Anyone unfortunate enough to install the pwned version of PyTorch during the danger period al
Tomi Engdahl says:
WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws https://thehackernews.com/2023/01/wordpress-security-alert-new-linux.html
WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. The attacks involve weaponizing a list of known security vulnerabilities in 19 different plugins and themes that are likely installed on a WordPress site, using it to deploy an implant that can target a specific websit. It’s also capable of injecting JavaScript code retrieved from a remote server in order to redirect the site visitors to an arbitrary website of the attacker’s choice.
Tomi Engdahl says:
Ransomware Attack Forces Canadian Mining Company to Shut Down Mill
https://www.securityweek.com/ransomware-attack-forces-canadian-mining-company-shut-down-mill
Canadian Copper Mountain Mining Corporation (CMMC) last week shut down its mill after falling victim to a ransomware attack.
Listed on the Toronto Stock Exchange, the firm owns most of the Copper Mountain mine. Located in southern British Columbia, the mine produces an average of 100 million pounds of copper equivalent per year.
In a cyber incident notice on its website, CMMC announced the shutdown of some of its systems, including the mill, after falling victim to a ransomware attack on December 27, 2022.
“The company has isolated operations, switched to manual processes, where possible, and the mill has been preventatively shutdown to determine the effect on its control system,” CMMC said.
https://cumtn.com/investors/press-releases/2022/copper-mountain-mining-subject-to-ransomware-attac-4881/
Tomi Engdahl says:
Google to Pay Indiana $20 Million to Resolve Privacy Suit
https://www.securityweek.com/google-pay-indiana-20-million-resolve-privacy-suit
Google will pay Indiana $20 million to resolve the state’s lawsuit against the technology giant over allegedly deceptive location tracking practices, state Attorney General Todd Rokita announced.
Tomi Engdahl says:
Dominic Ponsford / Press Gazette:
Memo: Guardian Media Group CEO Anna Bateson tells staff to continue working from home until at least January 23 after a “serious disruption” to its IT systems
Guardian offices closed until 23 January due to ongoing fallout from suspected ransomware attack
https://pressgazette.co.uk/publishers/guardian-ransomware-attack/
Staff have been told to work remotely since the incident began on 20 December.
The Guardian is continuing to be severely impacted by a suspected ransomware attack which hit the publisher’s global IT systems on 20 December.
Guardian Media Group chief executive Anna Bateson sent a note on Monday, 2 January, saying that all staff must continue to work from home. Staff have been told to work remotely since the incident began.
Bateson said: “This is a further update on the serious disruption to our network and IT systems that began before Christmas. As a result of the steps we took to secure our network, a number of key systems have been taken offline and remain unavailable.
“To reduce strain on our networks and help the enterprise tech, ESD and other involved teams focus on the most essential fixes, everyone must work from home until at least Monday 23rd January in the UK, US and Australia, unless you are specifically asked to work from our offices.”
Ransomware attacks typically involve hackers gaining access to a company’s computer system and then installing software that encrypts every document and file which can be found. The hackers then demand payment, often in Bitcoin, in order to restore systems by providing the target with the encryption key.
Tomi Engdahl says:
PyTorch discloses malicious dependency chain compromise over holidays
https://www.bleepingcomputer.com/news/security/pytorch-discloses-malicious-dependency-chain-compromise-over-holidays/
PyTorch has identified a malicious dependency with the same name as the framework’s ‘torchtriton’ library. This has led to a successful compromise via the dependency confusion attack vector.
PyTorch admins are warning users who installed PyTorch-nightly over the holidays to uninstall the framework and the counterfeit ‘torchtriton’ dependency
Tomi Engdahl says:
Data of over 200 million Deezer users stolen, leaks on hacking forum https://grahamcluley.com/data-of-over-200-million-deezer-users-stolen-leaks-on-hacking-forum/
Music-streaming service Deezer has owned up to a data breach, after hackers managed to steal the data of over 200 million of its users.
According to RestorePrivacy, which first reported on the breach, the hacker released a sample of 5 million stolen records on a well-known hacking forum, claiming to have a 60GB stash of stolen data, including 228 million email addresses. Deezer published a support advisory about the breach in November, shortly after the hacker's post. Deezer describes the leaked data as non-sensitive information, and claims that no passwords or payment details have been exposed. Non-sensitive?
Hmm. At the very least the email addresses and other information could be used to create convincing phishing emails, and perhaps be abused by fraudsters to extract further details from Deezer users.
Tomi Engdahl says:
Poland warns of attacks by Russia-linked Ghostwriter hacking group https://www.bleepingcomputer.com/news/security/poland-warns-of-attacks-by-russia-linked-ghostwriter-hacking-group/
The Polish government is warning of a spike in cyberattacks from Russia-linked hackers, including the state-sponsored hacking group known as GhostWriter. In an announcement on Poland’s official site, the government claims that hostile cyber-activities have intensified, targeting public domains and state organizations, strategic energy and armament providers, and other crucial entities.
Tomi Engdahl says:
Royal ransomware claims attack on Queensland University of Technology https://www.bleepingcomputer.com/news/security/royal-ransomware-claims-attack-on-queensland-university-of-technology/
The Royal ransomware gang has claimed responsibility for a recent cyberattack on the Queensland University of Technology and begun to leak data allegedly stolen during the security breach. Queensland University of Technology (QUT) is one of the largest universities in Australia by the number of students (52,672), operating on a budget that surpasses one billion A$.
Tomi Engdahl says:
Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe https://thehackernews.com/2023/01/raspberry-robin-worm-evolves-to-attack.html
Financial and insurance sectors in Europe have been targeted by the Raspberry Robin worm, as the malware continues to evolve its post-exploitation capabilities while remaining under the radar. “What is unique about the malware is that it is heavily obfuscated and highly complex to statically disassemble,” Security Joes said in a new report published Monday.
Tomi Engdahl says:
The Guardian contacts data protection regulator after suspected ransomware incident https://therecord.media/the-guardian-contacts-data-protection-regulator-after-suspected-ransomware-incident/
The Guardian newspaper has contacted the United Kingdom's data protection regulator following a suspected ransomware attack on December 20. It is not currently known what, if any, personal data the attackers accessed from the 200-year-old news organization.
Tomi Engdahl says:
Los Angeles housing authority says cyberattack disrupting systems https://therecord.media/los-angeles-housing-authority-says-cyberattack-disrupting-systems/
The Housing Authority of the City of Los Angeles (HACLA) has confirmed that it is dealing with a cyberattack after the agency appeared on the leak site of the LockBit ransomware group.
Tomi Engdahl says:
https://www.securityweek.com/researcher-says-google-paid-100k-bug-bounty-smart-speaker-vulnerabilities
Tomi Engdahl says:
https://www.securityweek.com/critical-vulnerabilities-patched-synology-routers
Tomi Engdahl says:
Hacker Selling Data Allegedly Stolen From Volvo Cars Following Ransomware Attack
https://www.securityweek.com/hacker-selling-data-allegedly-stolen-volvo-cars-following-ransomware-attack
Tomi Engdahl says:
Wabtec Says Personal Information Compromised in Ransomware Attack
https://www.securityweek.com/wabtec-says-personal-information-compromised-ransomware-attack
Rail systems and locomotive manufacturer Wabtec has started sending notification letters to individuals whose personal information was stolen in a ransomware attack last year.
The US-based firm provides railway equipment, systems, and services worldwide and has offices in the Americas, Australia, and Europe. The company has roughly 27,000 employees.
In a data breach notice, Wabtec says branches in the US, Canada, UK, and Brazil were impacted by the cyberattack.
The incident was discovered on June 26, 2022, but the attackers had access to Wabtec’s network much earlier, and had deployed malware on certain systems on March 15, 2022.
Tomi Engdahl says:
High-Severity Command Injection Flaws Found in Fortinet’s FortiTester, FortiADC
https://www.securityweek.com/high-severity-command-injection-flaws-found-fortinets-fortitester-fortiadc
Cybersecurity solutions provider Fortinet this week announced patches for several vulnerabilities across its product portfolio and informed customers about a high-severity command injection bug in FortiADC.
Tracked as CVE-2022-39947 (CVSS score of 8.6), the security defect was identified in the FortiADC web interface and could lead to arbitrary code execution.
“An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests,” Fortinet explains.
The issue impacts FortiADC versions 5.4.x, 6.0.x, 6.1.x, 6.2.x, and 7.0.x, and will be addressed with the release of FortiADC 6.2.4 and 7.0.2, Fortinet notes in its advisory.
Three other vulnerabilities that Fortinet addressed this week have a severity rating of ‘medium’ and are described as an incorrect user management issue in FortiManager leading to passwordless admin in FortiGate, an improper neutralization of input bug in FortiPortal leading to cross-site scripting (XSS), and an improper neutralization of CRLF sequences flaw in FortiWeb leading to arbitrary header injection.
Tomi Engdahl says:
Scam bypasses Gmail's protections, and the cost can reach €126/month https://www.is.fi/digitoday/tietoturva/art-2000009306925.html
Finns are being sent scam emails in the name of a courier service that lead to a subscription trap. The messages are personalized so that the subject line or the message itself contains references to the recipient's name. The scams arrive in the name of at least two different parties. These come under the generic names Post and Delivery, but the imagery and colour scheme of the messages bring to mind Posti and courier services. The message tells of a failed delivery attempt that should be rescheduled. A handling fee of 1.95 euros is demanded for this.
Tomi Engdahl says:
As many as 70,000 Microsoft Exchange servers exposed to attacks: install the patches immediately
https://www.tivi.fi/uutiset/tv/cdd5e99c-7c0c-4819-ae0b-957597d9c636
Tens of thousands of Microsoft Exchange servers are still unpatched against a vulnerability that allows remote code execution. The flaw is one of the vulnerabilities known as ProxyNotShell, writes Bleeping Computer. Original:
https://www.bleepingcomputer.com/news/security/over-60-000-exchange-servers-vulnerable-to-proxynotshell-attacks/
Tomi Engdahl says:
Hackers abuse Windows error reporting tool to deploy malware https://www.bleepingcomputer.com/news/security/hackers-abuse-windows-error-reporting-tool-to-deploy-malware/
Hackers are abusing the Windows Problem Reporting (WerFault.exe) error reporting tool for Windows to load malware into a compromised system’s memory using a DLL sideloading technique. The use of this Windows executable is to stealthily infect devices without raising any alarms on the breached system by launching the malware through a legitimate Windows executable.
Tomi Engdahl says:
Toyota, Mercedes, BMW API flaws exposed owners’ personal info https://www.bleepingcomputer.com/news/security/toyota-mercedes-bmw-api-flaws-exposed-owners-personal-info/
Almost twenty car manufacturers and services contained API security vulnerabilities that could have allowed hackers to perform malicious activity, ranging from unlocking, starting, and tracking cars to exposing customers’ personal information. The security flaws impacted well-known brands, including BMW, Rolls Royce, Mercedes-Benz, Ferrari, Porsche, Jaguar, Land Rover, Ford, KIA, Honda, Infiniti, Nissan, Acura, Hyundai, Toyota, and Genesis.
Tomi Engdahl says:
Rail giant Wabtec discloses data breach after Lockbit ransomware attack https://www.bleepingcomputer.com/news/security/rail-giant-wabtec-discloses-data-breach-after-lockbit-ransomware-attack/
U.S. rail and locomotive company Wabtec Corporation has disclosed a data breach that exposed personal and sensitive information. Wabtec is a U.S.-based public company producing state-of-the-art locomotives and rail systems. The company employs approximately 25,000 people and has a presence in 50 countries, being the world’s market leader in freight locomotives and a major player in the transit segment.
Tomi Engdahl says:
New shc-based Linux Malware Targeting Systems with Cryptocurrency Miner https://thehackernews.com/2023/01/new-shc-based-linux-malware-targeting.html
A new Linux malware developed using the shell script compiler (shc) has been observed deploying a cryptocurrency miner on compromised systems. “It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system,” AhnLab Security Emergency Response Center (ASEC) said in a report published today.
Original: https://asec.ahnlab.com/en/45182/
Tomi Engdahl says:
Ireland fines Meta $414m for using personal data without asking https://www.theregister.com/2023/01/04/meta_fined_390_for_using/
A legal saga between Meta, Ireland and the European Union has reached a conclusion, at least for now, that forces the social media giant to remove data consent requirements from its terms of service in favor of explicit consent, and subjects it to a few hundred million more euros in fines for the trouble. The Irish Data Protection Commission (DPC) said today that it has made a final decision fining Meta’s Irish operating arm a combined €390 million ($414 million) for violations of the EU’s General Data Protection Regulation, and directing it to “bring its data processing operations into compliance within a period of 3 months,” the DPC said.
Tomi Engdahl says:
Android’s First Security Updates for 2023 Patch 60 Vulnerabilities
https://www.securityweek.com/androids-first-security-updates-2023-patch-60-vulnerabilities
Google announced on Tuesday the first Android security updates for 2023, which patch a total of 60 vulnerabilities.
The first part of the update, which arrives on devices as the 2023-01-01 security patch level, addresses 19 security defects in the Framework and System components.
“The most severe of these issues is a high security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed,” Google notes in its advisory.
https://source.android.com/docs/security/bulletin/2023-01-01
Tomi Engdahl says:
https://www.9news.com.au/national/samsung-phone-update-reportedly-causes-some-models-to-crash-with-blank-screen-lose-data-south-australia/e41460db-1623-4576-8ef9-ee12a7d6e7da
Tomi Engdahl says:
https://www.securityweek.com/meta-hit-390-million-euro-fine-over-eu-data-breaches
Tomi Engdahl says:
Ax Sharma / BleepingComputer:
CircleCI says it’s investigating “a security incident” and “out of an abundance of caution” all customers should “rotate any and all secrets stored in CircleCI”
https://www.bleepingcomputer.com/news/security/circleci-warns-of-security-breach-rotate-your-secrets/
Tomi Engdahl says:
Lawrence Abrams / BleepingComputer:
A hacker allegedly leaks a data set containing email addresses of 200M+ Twitter users, apparently a cleaner version of the 400M set circulating in December 2022 — A data leak described as containing email addresses for over 200 million Twitter users has been published on a popular hacker forum for about $2.
https://www.bleepingcomputer.com/news/security/200-million-twitter-users-email-addresses-allegedly-leaked-online/
Tomi Engdahl says:
Bill Toulas / BleepingComputer:
Researchers find API security flaws in almost 20 car manufacturers’ systems that could let hackers unlock, start, and track cars, plus access customers’ data — Almost twenty car manufacturers and services contained API security vulnerabilities that could have allowed hackers to perform malicious activity …
Toyota, Mercedes, BMW API flaws exposed owners’ personal info
https://www.bleepingcomputer.com/news/security/toyota-mercedes-bmw-api-flaws-exposed-owners-personal-info/
Almost twenty car manufacturers and services contained API security vulnerabilities that could have allowed hackers to perform malicious activity, ranging from unlocking, starting, and tracking cars to exposing customers’ personal information.
The security flaws impacted well-known brands, including BMW, Rolls Royce, Mercedes-Benz, Ferrari, Porsche, Jaguar, Land Rover, Ford, KIA, Honda, Infiniti, Nissan, Acura, Hyundai, Toyota, and Genesis.
Tomi Engdahl says:
Joseph Menn / Washington Post:
Cybersecurity company Rapid7 hires former Twitter security chief and whistleblower Peiter “Mudge” Zatko to advise clients; Twitter fired Zatko in January 2022
https://www.washingtonpost.com/technology/2023/01/04/mudge-finds-a-new-job/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/bluebottle-hackers-used-signed-windows-driver-in-attacks-on-banks/
Tomi Engdahl says:
Rust projects open to denial of service thanks to Hyper mistakes
https://www.theregister.com/2023/01/06/flaws_rust_projects_ddos/
If only there were some way to avoid…oh, there is? RTFM
Thomas Claburn
Fri 6 Jan 2023 // 06:30 UTC
Security researchers at have identified multiple vulnerabilities arising from careless use of the Rust Hyper package, a very popular library for handling HTTP requests.
Security firm JFrog found that an undisclosed number of projects incorporating Hyper, like Axum, Salvo and conduit-hyper, were susceptible to denial of service (DoS) attacks arising from HTTP requests crafted to take advantage of the vulnerabilities.
Tomi Engdahl says:
Microsoft finally buries its flopped Windows
6.1.2023 11:01 | updated 6.1.2023 11:01
Support for Windows 8.1 is coming to an end.
https://www.mikrobitti.fi/uutiset/microsoft-hautaa-lopullisesti-flopanneen-windowsinsa/de70842e-c61d-408f-9d03-71fcf9b20480
Tomi Engdahl says:
WordPress Sites Under Attack From Newly Found Linux Trojan
Researchers who discovered the backdoor Linux malware say it may have been around for more than three years — and it targets 30+ plug-in bugs.
https://www.darkreading.com/attacks-breaches/wordpress-under-attack-from-new-linux-backdoor-malware
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/slacks-private-github-code-repositories-stolen-over-holidays/
Tomi Engdahl says:
Linux backdoor malware infects WordPress-based websites
https://news.drweb.com/show/?i=14646
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/hackers-use-captcha-bypass-to-make-20k-github-accounts-in-a-month/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/hackers-abuse-windows-error-reporting-tool-to-deploy-malware/
Tomi Engdahl says:
https://thehackernews.com/2023/01/new-shc-based-linux-malware-targeting.html
Tomi Engdahl says:
Update wipes data, leaves blank screens on South Australian Samsung phones
https://www.9news.com.au/national/samsung-phone-update-reportedly-causes-some-models-to-crash-with-blank-screen-lose-data-south-australia/e41460db-1623-4576-8ef9-ee12a7d6e7da
Tomi Engdahl says:
Researchers discover critical vulnerabilities in Ferrari, BMW, Toyota, and other automotive giants
https://cybernews.com/security/researchers-discover-vulnerabilities-in-ferrari-bmw-toyota/
Tomi Engdahl says:
Dridex Returns, Targets MacOS Using New Entry Method https://www.trendmicro.com/en_us/research/23/a/-dridex-targets-macos-using-new-entry-method.html
This blog entry primarily concerns Dridex, an online banking malware that has been active for years. The variant we analyzed has made its way into the MacOS platform and has adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files
Tomi Engdahl says:
Ex-GE engineer gets two years in prison after stealing turbine tech for China https://www.theregister.com/2023/01/04/ge_turbine_china_prison/
In July 2018, Zheng moved about 40 encrypted files to a temp folder on his work desktop. “GE Power determines that the files related to sealing and optimizing turbine technology information that GE considers to be proprietary and secret,” the indictment noted.
“Through the steganography technique, Zheng placed the aforementioned electronic files into the binary code of a separate electronic file on the computer, an otherwise innocuous-looking digital photograph of a sunset. Zheng then emailed the digital photograph file of the sunset, which secretly contained the hidden GE electronic files containing GE’s proprietary data, from his GE-provided email address to his personal email address at Hotmail.”
Tomi Engdahl says:
Hundreds of WordPress sites infected by recently discovered backdoor https://arstechnica.com/information-technology/2023/01/hundreds-of-wordpress-sites-infected-by-recently-discovered-backdoor/
Malware that exploits unpatched vulnerabilities in 30 different WordPress plugins has infected hundreds if not thousands of sites and may have been in active use for years, according to a writeup published last week
Tomi Engdahl says:
LockBit ransomware gang says sorry, gives free decryptor to SickKids hospital https://www.tripwire.com/state-of-security/lockbit-ransomware-gang-says-sorry-gives-free-decryptor-sickkids-hospital
Just days before Christmas, on the night of Sunday 18 December 2022, Canada’s Hospital for Sick Children (better known as SickKids) was hit by a ransomware attack. [...] In its latest statement, SickKids confirms that it has not made any ransom payment, has restored over 60% of its priority systems, and is assessing whether they need to use the decryptor offered by the LockBit gang at all
Tomi Engdahl says:
200 million Twitter users’ email addresses allegedly leaked online https://www.bleepingcomputer.com/news/security/200-million-twitter-users-email-addresses-allegedly-leaked-online/
A data leak described as containing email addresses for over 200 million Twitter users has been published on a popular hacker forum for about $2. BleepingComputer has confirmed the validity of many of the email addresses listed in the leak. Since July 22nd, 2022, threat actors and data breach collectors have been selling and circulating large data sets of scraped Twitter user profiles containing both private (phone numbers and email addresses) and public data on various online hacker forums and cybercrime marketplaces. These data sets were created in 2021 by exploiting a Twitter API vulnerability that allowed users to input email addresses and phone numbers to confirm whether they were associated with a Twitter ID