Google TAG reported that an exploitation framework making use of multiple zero-days was sold by a Spanish spyware firm for years. Firm says that it is not responsible but there is evidence in the code, including a script that is signed by the company.
Alleged Data Leak of Almost 500 Million WhatsApp Records Exposes User Profile Information on Dark Web
A post on the dark web is offering almost 500 million WhatsApp user profiles for sale. Check Point reported that 360 million phone numbers are legitimate, but not necessarily associated with WhatsApp.
Meta Employees, Contractors Engaged in Account Hijacking Schemes Using Internal Account Recovery Privileges
Leaked internal document reported that some Meta employees and third party security contractor abused access to an internal account recovery tool for cash, in some cases even engaging in account hijacking plots.
Australia’s string of major data breaches have prompted quick and dramatic action by the government to shore up the nation’s cybersecurity. The most recent is the announcement of a new cyber task force that will spend all of its time pursuing these criminal hackers, whether domestic or foreign.
Personal data of about five million employees and passengers has been stolen in a ransomware attack. Attackers said that the internal network was in such a poor state that they were ceasing any further attacks against AirAsia due to some combination of sympathy and frustration.