Sergiu Gatlan reports: Russian-backed hacking group Turla has used a previously undocumented malware toolset to deploy backdoors and steal sensitive documents in targeted cyber-espionage campaigns directed at high-profile targets such as the Ministry of Foreign Affairs of European Union countries. The previously unknown malware framework, named Crutch by its authors, was used in campaigns spanning…
River City Bank notifies customers after discovering insider wrongdoing
River City Bank had some explaining to do to customers. As described in their notification, a copy of which was submitted to the California Attorney General’s Office, the bank discovered a problem on September 29. An employee downloaded customer data to a personal storage drive and later sent it to a third party. The download…
This incredible exploit could have let hackers remotely own iPhones without even touching them
Sean Hollister reports: … Google Project Zero security researcher Ian Beer has revealed that, until May, a variety of Apple iPhones and other iOS devices were vulnerable to an incredible exploit that could let attackers remotely reboot and take complete control of their devices from a distance — including reading emails and other messages, downloading photos,…
AU: Australia’s largest cryptocurrency exchange accidentally exposed the names and emails of 270,000 customers
Cam Wilson reports that an old-fashioned email goof by BTC Markets exposed members’ names and email addresses: Early on Tuesday morning, an Australian cryptocurrency exchange that bills itself as the largest in the country inadvertently exposed more than 270,000 of its members names and email addresses. Users posted to social platforms like Twitter and Reddit to complain…
Cayman Islands investment fund left entire filestore viewable by world+dog in unsecured Azure blob
Gareth Corfield reports: A Cayman Islands-based investment fund has exposed its entire backups to the internet after failing to properly configure a secure Microsoft Azure blob. Details of the fund’s register of members and correspondence with its investors could be freely read by anyone with the URL to its Azure blob, the Microsoft equivalent of…
Thousands of US lab results and medical records spilled online after a security lapse
Zack Whittaker reports: NTreatment, a technology company that manages electronic health and patient records for doctors and psychiatrists, left thousands of sensitive health records exposed to the internet because one of its cloud servers wasn’t protected with a password. The cloud storage server was hosted on Microsoft Azure and contained 109,000 files, a large portion…