Version 128.0.6613.84/.85
Exploit in the wild. Chromium browsers should also issue updates very soon.
Friday, August 23, 2024
Wednesday, August 21, 2024
Toyota confirms data breach August 21, 2024
Very few details. Toyota confirms the data breach. Investigation ongoing.
Attackers claim: "Contents: Everything like Contacts, Finance, Customers, Schemes, Employees, Photos, DBs, Network infrastructure, Emails, and a lot of perfect data. We also offer you AD-Recon for all the target network with passwords."
Toyota:
"We are aware of the situation. The issue is limited in scope and is not a system wide issue,"
"engaged with those who are impacted and will provide assistance if needed."
Thursday, August 15, 2024
National Public Data breach - Was my data exposed?
Billions of personal information records published on the dark web and other venues. Data from non-public sources contain full names, names of relatives, full social security numbers, date of birth, physical addresses, etc.
You might wonder if your data or the data of a relative is one of those billions of records.
Some sites and companies are offering a tool to check.
BUT to check you have to provide the very data to those sites that you wish to check/search.
Consider your data is one or more of those billions of stolen records and those records are for sale or have been made available.
https://npd.pentester.com/
Yesterday this search site was a little dodgy.
A little better today.
A caution, you are supplying the data to search for.
In my testing I found some errors
BUT the amount of data and most results were accurate.
If your information is not in a search result
PLEASE DO NOT assume you are safe.
We ALL need to be more vigilant, cautious, suspicious.
A little better today.
A caution, you are supplying the data to search for.
In my testing I found some errors
BUT the amount of data and most results were accurate.
If your information is not in a search result
PLEASE DO NOT assume you are safe.
We ALL need to be more vigilant, cautious, suspicious.
Friday, August 9, 2024
1Password users on Mac urged to apply patch
Mac users of 1Pasword version 8.10.36 are urged to apply a patch to prevent attackers from stealing entire password vaults.
“To exploit the issue, an attacker must run malicious software on a computer specifically targeting 1Password for Mac. An attacker is able to misuse missing macOS-specific inter-process validations to hijack or impersonate a trusted 1Password integration such as the 1Password browser extension or CLI.”
This would permit the malicious software to exfiltrate vault items, as well as obtain derived values used to sign in to 1Password, specifically the account unlock key and “SRP-𝑥”.”
Thursday, August 8, 2024
Many Centrak Texas 911 systems were hacked August 4, 2024
Some Central Texas 9-1-1 call centers faced serious difficulties on Sunday(August 4 when callers and call-takers and difficulty hearing each other.
Austin and Lakeway were communicating with social media.
Capital Area Council of Governments - which operates the 9-1-1 systems announced later the threat was due to a cyber attack called a denial of service.
Wednesday, August 7, 2024
Apple Releases Updates iOS 17.6.1, iPadOS 17.6.1,
August 7, 2024
Apple releases updates to several platforms this evening.
iOS 17.6.1, iOS 16.7.10, iPad 17.6.1, iPadOS 16.7.10,
macOS Sonoma 14.6.1
The possibility for older devices receiving this important update from Apple may exist.
Apple statement: “This update includes important bug fixes and addresses an issue that prevents enabling or disabling Advanced Data Protection.”
However, Apple just updated iOS 10 17.6 last week and Apple rarely gives details on updates with a security element.
Worries me that iOS 16.7.10 also has an update.
Tuesday, August 6, 2024
National Public Data information on 2.9 billion persons available on Dark Web 6-Aug-2024
National Public Data is a background check service. The service scrapes non-public sources to carry out background checks on billions of people.
Data collected includes SSN, full names, addresses, relatives, ...
This data was not given to National Public Data willingly or with convent/notice. Most victims will be unaware the data was collected, stored, or used at all.
The data stolen is being offered for sale: $3.5M.
A class action suit claims:
Negligence, breach of fiduciary duty and third-party beneficiary contract, and unjust enrichment.
Yet another reason to greatly increase awareness, vigilance, and communications to any and all.
Subscribe to:
Posts (Atom)