[TheRecord] Hackers leak LinkedIn 700 million data scrape

A collection containing data about more than 700 million users, believed to have been scraped from LinkedIn, was leaked online this week after hackers previously tried to sell it earlier this year in June. The collection, obtained by The Record from a source, is currently being shared in private Telegram channels in the form of a torrent file […]

Read More

[TheRecord] Microsoft Exchange Autodiscover bug leaks hundreds of thousands of domain credentials

Security researchers have discovered a design flaw in a feature of the Microsoft Exchange email server that can be abused to harvest Windows domain and app credentials from users across the world. Discovered by Amit Serper, AVP of Security Research at security firm Guardicore, the bug resides in the Microsoft Autodiscover protocol, a feature of Exchange […]

Read More

[TheRecord] Lithuanian government warns about secret censorship features in Xiaomi phones

The Lithuanian Defense Ministry published a security audit on Wednesday for three popular 5G smartphone models manufactured in China, recommending that citizens avoid or stop using at least two of the three devices, citing privacy infringements and secret censorship capabilities. The 5G smartphone models selected for the audit included: OnePlus 8T 5GHuawei P40 5GXiaomi Mi […]

Read More

[TheRecord] Microsoft uncovers giant Phishing-as-a-Service operation

Microsoft’s security team said today that it uncovered a massive operation that provides phishing services to cybercrime gangs using a hosting-like infrastructure that the OS maker likened to a Phishing-as-a-Service (PHaaS) model. Known as BulletProofLink, BulletProftLink, or Anthrax, the service is currently advertised on underground cybercrime forums. The service is an evolution on “phishing kits,” which […]

Read More

[TheRecord] Data breach at Texas behavioral health center affects more than 24,000

A data breach at Texas behavioral health provider Texoma Community Center affected more than 24,000 people and highlights how timelines for breach notification may lag behind security events—even when the most sensitive information is compromised.  Texoma is a nonprofit that specializes in delivering mental health and substance abuse services. The public notice posted on its […]

Read More

[TheRecord] US Treasury sanctions cryptocurrency exchange linked to ransomware operations

The US Treasury Department has imposed sanctions today on cryptocurrency exchange portal Suex for helping ransomware, and other cybercrime groups, launder more than $160 million in illicit funds between 2018 and 2021. Registered in the Czech Republic but owned by Russian nationals, the exchange operated via the Suex.io website [archived] and out of headquarters in Moscow and Sankt Petersburg. […]

Read More

[TheRecord] Report: China-linked hackers take aim at Times of India and a biometric bonanza

When Chinese and Indian troops clashed in the Galwan Valley border region last year, the battle was decidedly low-tech—the two sides went after each other with rocks and clubs. Now, more than a year later, the skirmish has moved to cyberspace. A new study suggests that back in February, China-linked hackers launched a series of […]

Read More

[TheRecord] Russian security firm sinkholes part of the dangerous Meris DDoS botnet

Rostelecom-Solar, the cybersecurity division of Russian telecom giant Rostelecom, said on Monday that it sinkholed a part of the Meris DDoS botnet after identifying a mistake from the malware’s creators. First spotted earlier this year, the Meris botnet is currently the largest DDoS botnet on the internet, with an estimated size of around 250,000 infected systems. […]

Read More

[TheRecord] Researcher discloses iPhone lock screen bypass on iOS 15 launch day

On the day Apple released iOS 15, a Spanish security researcher disclosed an iPhone lock screen bypass that can be exploited to grant attackers access to a user’s notes. In an interview with The Record, Jose Rodriguez said he published details about the lock screen bypass after Apple downplayed similar lock screen bypass issues he reported […]

Read More

[TheRecord] Emerging from uncertainty, DOD cyber war college looks to navigate the future

Jim Langevin wanted to put the Pentagon on notice. In April last year the Rhode Island Democrat and a bipartisan group of lawmakers sent a letter to Defense Department leaders that pointedly urged them not to move ahead with a plan to shutter the National Defense University’s College of Information and Cyberspace.  The missive was […]

Read More