Security News

McDonald’s India has leaked customer and delivery person data due to a vulnerability in an API (Application Programming Interface) used. In addition, it was possible to hijack customer orders, place orders for just one cent, provide feedback on other customers’ orders, view details of each order, and download invoices. This involved the name, email address, […]

In short: Key Point Details Company Affected BeyondTrust Type of Attack Break-in into customers’ Remote Support SaaS instances Discovery Date Potentially suspicious behavior noted on December 2, confirmed on December 5 Vulnerabilities Identified Two vulnerabilities found, including CVE-2024-12356 with a severity rating of 9.8/10 Government Warning CISA warns of exploitation of CVE-2024-12356; no confirmation that

About a hundred thousand smart TVs from manufacturer Yandex are supplied with pre-installed Android malware called BadBox, security company Bitsight claims based on its own research. In total, the company counted 192,000 Android devices infected with BaxBox. Once active, the malware can steal two-factor keys, install additional malware and attack other devices on the network,

OpenAI used personal data to train ChatGPT without having a valid basis for doing so. In addition, the organization concealed a data breach, was not transparent towards users, lacked age verification and the mandatory information provision was inadequate, according to the Italian privacy regulator GPDP. It imposed a fine of fifteen million euros on OpenAI

The Tor Project wants it to be easier to integrate Tor within other apps and has made this one of the priorities for next year. More than two million people use the Tor network every day to protect their privacy and visit censored websites. In the Netherlands there are about 75,000 users, according to figures

WordPress.org is temporarily not accepting new plugins, new plugin reviews, new themes, new photos and new account registrations, Matt Mullenweg, the owner of WordPress.org, has announced. Mullenweg and WordPress host Automattic are involved in a legal battle with WP Engine, which also offers WordPress hosting. Customers can start their own WordPress site via the WP

A thirty-year-old Romanian man has been sentenced to twenty years in prison in the United States for carrying out attacks with the NetWalker ransomware. He must also relinquish more than $21 million and his interests in an Indonesian company and associated luxury resort being built in Bali, as well as pay $15 million in damages.

The data of 5.6 million people was stolen in the ransomware attack on the American healthcare giant Ascension Health, the organization informed the attorney general of the US state of Maine. This makes it one of the largest data breaches in American healthcare in the past two years. Ascension operates one hundred and forty hospitals

Apple has been warning iPhone owners for some time now if they are suspected of being the target of a ‘mercenary’ spyware attack, advising them to contact the non-profit organization Access Now’s helpline. Anyone who receives a message from Apple can reach the Access Now helpline 24 hours a day, seven days a week, Apple

Several Juniper customers have had to deal with compromised routers because the devices were still using standard passwords, the network company said. Last Wednesday, several customers reported suspicious behavior on their Session Smart Routers (SSR). The devices were found to be infected with a variant of the Mirai malware and were used to carry out