Pulse of Truth

A Twitter account known as DarkWebInformer has claimed that a notorious hacker, identified only by the alias “888,” has allegedly leaked sensitive data belonging to SAP employees. A member of BreachForums has claimed responsibility for leaking an employee database purportedly belonging to SAP SE, one of the world’s leading enterprise software companies. The leak reportedly […] The post Threat Actor 888 Allegedly Claims Leak of SAP Employees Data appeared first on Cyber Security News.

Also: Apple to end NSO Group lawsuit; Malicious Python dev job offers; Dark web kingpins busted; and more Infosec In Brief  Genetic testing outfit 23andMe has settled a proposed class action case related to a 2023 data breach for $30 million.…

Ben Lovejoy / 9to5Mac: Apple's Activation Lock for iPhone components will make a huge dent in the market for stolen iPhones, though it introduces another barrier to DIY repairs  —  Apple's latest theft-prevention measure went live for beta testers yesterday: Activation Lock for iPhone components.

New research around stock behavior led by professors from universities across the Midwest took a novel approach. The academics used commercially available mobile phone location data to track devices spending significant time around SEC offices. They then traced those devices traveling to corporate headquarters in the year before the Covid...Read Entire Article

Comments

​Transport for London (TfL) says that all staff (roughly 30,000 employees) must attend in-person appointments to verify their identities and reset passwords following a cybersecurity incident disclosed almost two weeks ago. [...]

The Irish Data Protection Commission (DPC) has announced that it has commenced a "Cross-Border statutory inquiry" into Google's foundational artificial intelligence (AI) model to determine whether the tech giant has adhered to data protection regulations in the region when processing the personal data of European users. "The statutory inquiry concerns the question of whether Google has complied

That would explain this 440GB leak, then Fortinet has admitted that bad actors accessed cloud-hosted data about its customers, but insisted it was a "limited number" of files. The question is: how limited is "limited"?…

What kind of OS can be hijacked by clicking a link at just the right time? Microsoft's In this week's Patch Tuesday Microsoft alerted users to, among other vulnerabilities, a flaw in Windows Installer that can be exploited by malware or a rogue user to gain SYSTEM-level privileges to hijack a PC.…

Would you want to drive a truck that was constantly listening to you?

Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for password management products that include malware. [...]

Comments

A really big oh sh*t moment, for sure For C-suite execs and security leaders, discovering your organization has been breached, your critical systems locked up and your data stolen, then receiving a ransom demand, is probably the worst day of your professional life.…

Allegedly pilfered database has source code, private keys, staff info, T-Mobile VM logs, more A miscreant claims to have broken into Capgemini and leaked a large amount of sensitive data stolen from the technology services giant – including source code, credentials, and T-Mobile's virtual machine logs.…

The Vision Pro uses 3D avatars on calls and for streaming. These researchers used eye tracking to work out the passwords and PINs people typed with their avatars.

Two algorithms added so far, two more planned in the coming months.

Threat actors have infected over 1.3 million TV streaming boxes running Android with a new Vo1d backdoor malware, allowing the attackers to take full control of the devices. [...]

Every type of fraud is on the rise, and 2023 was a particularly devastating year for victims of cryptocurrency and business email compromise (BEC) scams, according to the FBI. Cryptocurrency fraud Based on complaints filed to FBI’s Internet Crime Complaint Center (IC3) in 2023, the year saw over $5.6 billion in losses tied to cryptocurrency fraud alone, marking a dramatic 45% increase over 2022 figures. Criminals are exploiting the difficulties of tracing and recovering cryptocurrency … More → The post Losses due to cryptocurrency and BEC scams are soaring appeared first on Help Net Security.

Mastercard Inc. agreed to buy cyber-defense firm Recorded Future for $2.65 billion to boost its ability to protect the card company’s massive global-payments system.

Samuel Stolton / Bloomberg: Google loses its bid to reverse a €2.4B EU fine for abusing its monopoly power to crush rival shopping services, as EU's Court of Justice backs a 2017 decision  —  - EU judges uphold lower court ruling in shopping case  — Google was accused by EU of abusing its dominant position

Learn why more organizations are including their bug bounty programs in S-1 filings and other corporate disclosures.

Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server. [...]

The legendary actor beloved for his turn as Star Wars' tragic villain Darth Vader, among countless other roles, was 93.

The RansomHub ransomware gang has been using TDSSKiller, a legitimate tool from Kaspersky, to disable endpoint detection and response (EDR) services on target systems. [...]

Arjun Kharpal / CNBC: The European Court of Justice rules against Apple over a record €13B Irish tax bill, backing a landmark decision from 2016  —  Europe's top court on Tuesday ruled against Apple in the tech giant's 10-year court battle over its tax affairs in Ireland.  —  The pronouncement …