privacy – MrHacker

Vulnerabilities

Mar 27, 2024

Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining

Cybersecurity researchers are warning that threat actors are actively exploiting a “disputed” and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining. “This vulnerability allows attackers to take over the companies’ computing power and leak sensitive data,” Oligo Security researchers Avi Lumelsky, Guy Kaplan, […]

root

Malware

Mar 06, 2024

U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists

The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa Alliance for their role in “developing, operating, and distributing” commercial spyware designed to target government officials, journalists, and policy experts in the country. “The proliferation of commercial spyware poses distinct and growing security risks […]

root

Vulnerabilities

Feb 07, 2024

Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse

A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process, aims to tackle the proliferation and irresponsible […]

root

Vulnerabilities

Dec 06, 2023

New Report: Unveiling the Threat of Malicious Browser Extensions

Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the browser and can enhance browsing experiences, have become a popular browser attack vector. This is because they are widely adopted among users and can easily turn malicious through developer actions or attacks on legitimate […]

root

Vulnerabilities

Sep 23, 2023

New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware

The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. “The targeting took place after Eltantawy publicly stated his plans to run […]

root

Data Breach

Jul 24, 2023

How to Protect Patients and Their Privacy in Your SaaS Apps

The healthcare industry is under a constant barrage of cyberattacks. It has traditionally been one of the most frequently targeted industries, and things haven’t changed in 2023. The U.S. Government’s Office for Civil Rights reported 145 data breaches in the United States during the first quarter of this year. That follows 707 incidents a year […]

root

Malware

Jun 29, 2023

Android Spy App LetMeSpy Suffers Major Data Breach, Exposing Users’ Personal Data

Android-based phone monitoring app LetMeSpy has disclosed a security breach that allowed an unauthorized third-party to steal sensitive data associated with thousands of Android users. “As a result of the attack, the criminals gained access to email addresses, telephone numbers and the content of messages collected on accounts,” LetMeSpy said in an announcement on its […]

root

Malware

Jun 21, 2023

ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks

The North Korean threat actor known as ScarCruft has been observed using an information-stealing malware with previously undocumented wiretapping features as well as a backdoor developed using Golang that exploits the Ably real-time messaging service. “The threat actor sent their commands through the Golang backdoor that is using the Ably service,” the AhnLab Security Emergency […]

root

Data Breach

Nov 29, 2022

Irish Regulator Fines Facebook $277 Million for Leak of Half a Billion Users’ Data

Ireland’s Data Protection Commission (DPC) has levied fines of €265 million ($277 million) against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement against U.S. tech firms. The fines follow an inquiry initiated by the European regulator on April 14, […]

root

Data Breach

Aug 30, 2022

India’s Newest Airline Akasa Air Found Leaking Passengers’ Personal Information

Akasa Air, India’s newest commercial airline, exposed the personal data belonging to its customers that the company blamed on a technical configuration error. According to security researcher Ashutosh Barot, the issue is rooted in the account registration process, leading to the exposure of details such as names, gender, email addresses, and phone numbers. The bug […]

root

Vulnerabilities

Aug 06, 2022

Hackers Exploit Twitter Vulnerability to Exposes 5.4 Million Accounts

Twitter on Friday revealed that a now-patched zero-day bug was used to link phone numbers and emails to user accounts on the social media platform. “As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email […]

root

Malware

Jul 12, 2022

TikTok Postpones Privacy Policy Update in Europe After Italy Warns of GDPR Breach

Popular video-sharing platform TikTok on Tuesday agreed to pause a controversial privacy policy update that could have allowed it to serve targeted ads based on users’ activity on the social video platform without their permission to do so. The reversal, reported by TechCrunch, comes a day after the Italian data protection authority — the Garante […]

root

Malware

Feb 16, 2022

EU Data Protection Watchdog Calls for Ban on Pegasus-like Commercial Spyware

The European Union’s data protection authority on Tuesday called for a ban on the development and the use of Pegasus-like commercial spyware in the region, calling out the technology’s “unprecedented level of intrusiveness” that could endanger users’ right to privacy. “Pegasus constitutes a paradigm shift in terms of access to private communications and devices, which […]

root

Surveillance

Dec 25, 2021

DuckDuckGo developing a robust privacy-focused desktop browser

According to DuckDuckGo, the desktop browser will work on both Mac and Windows devices. DuckDuckGo has revealed its plans for an upcoming desktop app in its latest blog post in which the company’s CEO Gabriel Weinberg shared details of their plans moving forward. DuckDuckGo’s CEO stated that they are developing a standalone desktop browser for […]

root

Data Security

Dec 22, 2021

Gumtree exposed users’ personal and GPS location via source code

All a user required was to open Gumtree’s website and press the F12 button on Chrome or Firefox browsers to view users’ personal data. A UK-based classified site and used goods marketplace, Gumtree, exposed the home addresses of its users in its webpages source code. Gumtree is among the top 30 sites in Britain, and […]

root

Data Security

Dec 22, 2021

German audio tech giant Sennheiser exposed 55GB of customers’ data

Sennheiser left personal data of over 28,000 customers exposed on a misconfigured Amazon Web Services (AWS) server. According to a report from vpnMentor, the German audio equipment manufacturer, Sennheiser left an unsecured Amazon Web Services (AWS) server online. The server stored around 55GB of information on over 28,000 Sennheiser customers. AWS buckets are popular among […]

root

Cyber Events

Dec 09, 2021

Planned Parenthood data breach: Hackers steal 400,000 patients’ data

According to Planned Parenthood, the latest data breach has affected its Los Angeles branch (PPLA) after it suffered a ransomware attack. On Wednesday, December 1st, 2021 Planned Parenthood, the non-profit reproductive health care organization based in the United States disclosed a data breach impacting over 400,000 patients of its Los Angeles branch (Planned Parenthood Los […]

root

Data Security

Nov 28, 2021

WiFi software management firm exposed millions of users’ data

Brazil-based WiFi management software firm WSpot exposed extensive details of high-profile firms and millions of customers. WSpot provides software to let businesses secure their on-premise WiFi networks and offer password-free online access to their clients. Some of the notable clients of WSpot include Sicredi, Pizza Hut, and Unimed. According to WSpot, 5% of its customer […]

root

Data Security

Nov 19, 2021

New vulnerabilities allowed attackers to intercept Zoom meetings

Exploiting these vulnerabilities, a remote attacker could also execute arbitrary code on the server using root-user privileges. The cybersecurity researchers at Positive Technologies identified three vulnerabilities in several critical apps part of the Zoom video conferencing platform (both apps and tools). These include Zoom Virtual Room Connector, Zoom Meeting Connector Controller, and Zoom Recording Connector. […]

root

Surveillance

Nov 09, 2021

Facebook to end facial recognition and delete billions of records

Facebook has announced that it will shut down its Facial Recognition System and delete the templates of over 1 billion people stored by this feature. This is a significant change, but contrary to popular perception, the social network won’t be forgoing the technology in its entirety because it regards facial recognition as a “powerful tool” […]

root

News

Oct 30, 2021

Hacker steals govt database with info of entire Argentine population

Reportedly, the database also contains personal information of Argentinian President Alberto Fernández, football superstars Sergio Aguero and Lionel Messi. After the infamous La Gorra Leaks in 2017 and the exposure of Argentinian politicians and law enforcement officials in 2019, Argentine is back in the news for all the wrong reasons. This time, hackers have reportedly […]

root