Intel sued under wiretapping laws for tracking user activity on its website

A class-action suit in Florida accuses the tech giant of unlawfully intercepting communications without consent by using analytics technology including software to capture keystrokes and mouse movements of people visiting the corporate homepage, Intel.com. There is legal precedent for bringing cases against technology companies for session reporting, though so far none has resulted in any judgments against them.

(Threatpost)

Whistleblower: Ubiquiti breach “catastrophic”

On January 11 of this year, Ubiquiti, a vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras, disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now, according to Krebs on Security, a source who participated in the response to that breach alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication. According to the whistleblower, “the breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk.” The full story is available at Krebsonsecurity.com.

(KrebsOnSecurity)

Gibberish tweet from US nuclear-agency was from unattended child

An unintelligible tweet of random keyboard letters posted on the Twitter account of the US Strategic Command on March 28 was sent by a young child of the agency’s Twitter manager. According to a document posted following a Freedom of Information Act request, the manager had been working from home and had left the Twitter account open and unattended temporarily, at which point, “his very young child and started playing with the keys and unknowingly, posted the tweet.” The agency is responsible for safeguarding America’s nuclear weapons.

(BBC News)

MobiKwik suffers major breach: KYC data of 3.5 million users exposed

Popular Indian mobile payments service MobiKwik came under fire on Monday after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month. What is significant about this breach is the fact that the leak shows that MobiKwik does not delete card information from its servers even after a user has removed them, in what’s likely a breach of government regulations. MobiKwik officials vehemently denied the breach, blaming a “media-crazed so-called security researcher,” but numerous independent users have confirmed the breach, specifically by finding their personal details on the leak site.

(The Hacker News)

Thanks to our episode sponsor, Remediant

Remediant is a fast growing Gartner Cool vendor focused on the concept of precision Privileged Access Management and a Fortune 100 company calls “the world’s best protection against major incidents.”

Remediant uniquely deploys & inventories thousands of privileged accounts in hours, locks down lateral movement & ransomware spread by removing standing privilege with a single action, and administers privileges just-in-time with MFA.

To learn more, visit remediant.com

FIN11 publishes data stolen from Shell and others

Last week we reported on a breach at energy giant Shell, in which attackers compromised the company’s secure file-sharing system powered by Accellion’s File Transfer Appliance (FTA). Now the gang behind the breach, FIN11, has released copies of passports, and documents to a Tor-based website where hackers who conduct Clop ransomware attacks leak stolen information. It is reported by Bleeping Computer that data from other affected organizations including Qualys, Kroger, Jones Day, Bombardier, and the Office of the Washington State Auditor (SAO), as well as Yeshiva University, Stanford University and the Universities of Miami, Maryland, California, and Colorado, may also have data posted there.

(Security Week

PayPal launches crypto checkout service

PayPal Holdings Inc. announced yesterday that it has started allowing U.S. consumers to use their cryptocurrency holdings to pay at millions of its online merchants globally, a move that could significantly boost use of digital assets in everyday commerce. Customers who hold bitcoin, ether, bitcoin cash and litecoin in PayPal digital wallets will now be able to convert their holdings into fiat currencies at checkouts to make purchases, the company said. The company will charge no transaction fee to checkout with crypto but only one type of coin can be used for each purchase.

(Reuters)

WordPress Ivory Search plugin vulnerability patched

On March 28, 2021, Astra Security Threat Intelligence Team members responsibly disclosed a vulnerability in Ivory Search, a WordPress search plugin installed on over 60,000 sites. This security vulnerability could be exploited by an attacker to perform malicious actions on a victim’s website. Ivory Search is a WordPress search plugin that allows its users to create new custom search forms for their WordPress sites. USers of the Ivory Search plugin are highly recommended to update the fully patched version 4.6.1.

(Security Affairs)

Ziggy ransomware gang announces shutdown: returns keys and offers refund

Voicing concerns about recent law enforcement activity and guilt for encrypting their victims, the gang has released all victims’ decryption keys, and has now offered to refund the money they extorted. In an interview with Bleeping Computer, the ransomware admin said they created the ransomware to generate money as they live in a “third-world country.” Threat analyst Brett Callow suggests that the recent arrest of individuals associated with the Emotet and Netwalker operation could be causing some actors to get cold feet. The admin at Ziggy has posted contact information for victims to receive their ransoms back in bitcoin. 

(CISOMag)