Amber DaSilva reports: If you own a modern Subaru, chances are you’ve heard of Starlink — the company’s connected services suite, which lets you control your car through an app or call roadside assistance to your location. That system, though, has other functionality that you might not know: Storing your car’s location history for the last year, and making that…
Research Report: The Insider Threat Digital Recruitment Marketplace
An interesting report by Nisos looks at those selling or advertising insider access and those recruiting insiders at firms. From the report: Executive Summary Nisos routinely monitors mainstream and alternative social media platforms, as well as cloud-based messaging applications and dark web forums to identify individuals and networks advertising insider access or recruiting insiders at…
Cloudflare CDN flaw leaks user location data, even through secure chat apps
Bill Toulas reports: A security researcher discovered a flaw in Cloudflare’s content delivery network (CDN), which could expose a person’s general location by simply sending them an image on platforms like Signal and Discord. While the geo-locating capability of the attack is not precise enough for street-level tracking, it can provide enough data to infer what…
Oxfam Hong Kong data leak: charity violated data protection law
Ambrose Li reports: The local arm of international charity Oxfam violated the data protection law following a leak in July that potentially affected 550,000 people, Hong Kong’s privacy watchdog ruled in an investigation report on Thursday. […] “The privacy commissioner considered that Oxfam had not taken all practicable steps to ensure that the personal data…
Do-Over: “Pompompurin” to be Re-Sentenced
When the owner of the original BreachForums, Conor Fitzpatrick, aka “Pompompurin,” was sentenced in January of 2024 to time served plus 20 years supervised release with special conditions, it was a shock. Although young, Fitzpatrick had pleaded guilty to conspiracy to commit access device, access device fraud, and possession of child pornography. Based on federal…
NY Attorney General James Announces Court Win Allowing Lawsuit Against Citibank to Continue
AG James Sued Citi for Failing to Protect Customers from Fraud, Costing New Yorkers Millions NEW YORK – New York Attorney General Letitia James today announced a significant victory in her case against Citibank (Citi) after a judge denied Citi’s motion to dismiss the Office of the Attorney General’s (OAG) lawsuit on its core claims…