Gareth Corfield had the exclusive on this one: Tesco has shuttered its parking validation web app after The Register uncovered tens of millions of unsecured ANPR images sitting in a Microsoft Azure blob. The images consisted of photos of cars taken as they entered and left 19 Tesco car parks spread across Britain. Visible and…
Category: Business Sector
Twitter suspends account claiming responsibility for WoW DDoS attack, Blizzard confirms suspect has been arrested
Dom Sacco has an update to reporting of September 8: UPDATE (September 20th): Blizzard has announced that a suspect has been arrested over this incident. It said in a forum post: “Immediately after the Distributed Denial of Service attacks against our game service began, the Blizzard Security Team worked around the clock with local and…
Football Leaks: Suspected hacker charged in Portugal
BBC reports: A man linked to the Football Leaks disclosures which prompted investigations into the Manchester City and Paris St-Germain clubs has been charged with 147 offences in Portugal. Rui Pinto, 30, is accused of crimes relating to unauthorised access to data and attempted extortion. Read more on BBC.
TalkTalk hacker also breached EtherDelta cryptocurrency exchange
Catalin Cimpanu has the scoop on this one: US authorities have indicted two suspects for hacking cryptocurrency exchange EtherDelta in December 2017, changing the site’s DNS settings, and redirecting traffic to a clone where they logged user credentials and then stole customer funds. One of the two suspects is Elliott Gunton, also known as “Glubz,”…
Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks
Symantec reports: A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers’ customers. The group, which we are calling Tortoiseshell, has been active since at least July 2018. Symantec…
Malaysia’s Malindo Air confirms passenger data breach, advises frequent flyers to change passwords
Reuters reports: Malaysia’s Malindo Air, a subsidiary of Indonesia’s Lion Group, said on Wednesday (Sept 18) that it was investigating a data breach involving the personal details of its passengers. Malindo Air’s statement followed a report by Moscow-based cyber-security firm Kaspersky Lab that the details of around 30 million passengers of Malindo and fellow Lion…