Josh Breiner and Bar Peleg report: The Population and Immigration Authority illegally shared in the past seven years the facial images of millions of Israelis with an unnamed government agency. The actions of the Interior Ministry division were disclosed in an official report published last week by Roy Friedman, the head of the Israel National…
Bayonne Police Sergeant Charged With Unauthorized Use of Law Enforcement Database
Statement by the Hudson County Prosecutor’s Office: Hudson County Prosecutor Esther Suarez has released the following information: On Tuesday, May 24, 2022, a Bayonne Police Sergeant was arrested on a computer crime charge involving the unauthorized use of a law enforcement database. Richard Killmer, 33, is charged with one count of Computer Theft in violation…
Fake Windows exploits target infosec community with Cobalt Strike
Lawrence Abrams reports: A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. Whoever is behind these attacks took advantage of recently patched Windows remote code execution vulnerabilities tracked as CVE-2022-24500 and CVE-2022-26809. Read more at BleepingComputer.
Open source packages with millions of installs hacked to harvest AWS credentials
ITPro reports: Software developers and cyber security experts have discovered a new software supply chain hack that is attempting to harvest Amazon Web Services (AWS) cloud credentials. The compromise of two popular open-source packages – Python’s eight-year-old CTX and PHP’s phpass – has led to developers scrambling to understand their exposure to the threat. A combined 3 million users…
FTC Blog: “The FTC Act Creates a De Facto Breach Disclosure Requirement”
Joseph Lazzarotti of Jackson Lewis writes: On May 20, 2022, the Federal Trade Commission’s Team CTO and the Division of Privacy and Identity Protection published a blog post entitled, “Security Beyond Prevention: The Importance of Effective Breach Disclosures.” In the post, the FTC takes the position that in some cases there may be a de facto data breach…
The truth about China’s Uyghur camps Beijing is trying to hide: Hacked data reveals thousands of prisoners forced to undergo ‘re-education’… with a shoot-to-kill policy for anyone who tries to flee
Chris Pleasance reports: Thousands of photographs, spreadsheets and classified documents hacked from Chinese police servers have shed a horrifying new light on the terrors Uyghur Muslims have been subjected to in ‘re-education camps’ and prisons in Xinjiang, as part of a state-sponsored campaign aimed at ‘breaking’ their cultural identity. The treasure trove of data lays…