"Shopify denies it was hacked, links stolen data to third-party app."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 07 July 2024, 2131 UTC.

Content and Source:  https://feedly.com/i/collection/content/user/f401222a-bca6-4c45-9cc1-183f239e8d86/category/7737d3c9-5fe2-4b34-8708-85e57085f895/Security News Bundle.

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.com).

Security News Bundle

45

MOST POPULAR

Shopify denies it was hacked, links stolen data to third-party app

Shopify data breach exposes users

•

40BleepingComputer / 6h

E-commerce platform Shopify denies it suffered a data breach after a threat actor began selling customer data they claim was stolen from the company's network. [...]

Security Affairs Malware Newsletter – Round 1

Security Affairs / 6h

Today marks the launch of the Security Affairs newsletter, specializing in Malware. This newsletter complements the weekly one you already receive. Each week, it will feature a collection of the best articles and research on malware. CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts Supply Chain Compromise Leads to Trojanized Installers for Notezilla, Rec

Hacker Stole Secrets From OpenAI

Hacker breached OpenAI

•

22SecurityWeek / 2d

ChatGPT maker OpenAI was breached in 2023, but the company says source code and customer data were not accessed. The post appeared first on SecurityWeek .

TODAY

Apache fixed a source code disclosure flaw in Apache HTTP Server

4 TTPs

•

Security Affairs / 3h

The Apache Foundation addressed a critical source code disclosure vulnerability, tracked as CVE-2024-39884, in the HTTP Server. The Apache Software Foundation has addressed multiple vulnerabilities in its popular Apache HTTP Server. The vulnerabilities include denial-of-service (DoS), remote code execution, and unauthorized access issues. One of these vulnerabilities is a critical source code dis

Europol says Home Routing mobile encryption feature aids criminals

Europol warns of PET challenges

•

23BleepingComputer / 6h

Europol is proposing solutions to avoid challenges posed by privacy-enhancing technologies in Home Routing that hinder law enforcement's ability to intercept communications during criminal investigations. [...]

YESTERDAY

Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs / 11h

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. GootLoader is still active and efficient Hackers stole OpenAI secrets in a 2023 security breach Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes Polyfi

Alabama State Department of Education suffered a data breach following a blocked attack

Alabama State Education cyber attack investigation

•

Security Affairs / 12h

Alabama’s education superintendent disclosed a data breach following a hacking attempt on the Alabama State Department of Education. The Alabama State Department of Education announced it had thwarted a ransomware attack on June 17, however, threat actors accessed some data and disrupted services before the attack was stopped. Superintendent Eric Mackey, who disclosed the attack, said they are wo

Russian-Linked Cybercampaigns put a Bull’s-Eye on France. Their Focus? The Olympics and Elections

Russian cybercampaigns target France Olympics

•

SecurityWeek / 22h

Baptiste Robert, a French cybersecurity expert, called on his government – and especially lawmakers – to prepare for the digital threats to come. The post appeared first on SecurityWeek .

GootLoader is still active and efficient

12 TTPs

•

Security Affairs / 1d

•

GootLoader malware active

Researchers warn that the malware GootLoader is still active and threat actors are still using it in their campaigns. Threat actors continue to use GootLoader malware in their campaigns, Cybereason researchers warn. The malware has evolved, resulting in several versions, with GootLoader 3 currently in use. Despite updates to the payload, the infection strategies and overall functionality have rem

JUL 5, 2024

Hackers stole OpenAI secrets in a 2023 security breach

27Security Affairs / 1d

The New York Times revealed that OpenAI suffered a security breach in 2023, but the company says source code and customer data were not compromised. OpenAI suffered a security breach in 2023, the New York Times reported. The American newspaper revealed that the threat actors gained access to the internal discussions among researchers and other employees, but they did not access the source code of

Devs claim Apple is banning VPNs in Russia 'more effectively' than Putin

Russia forces Apple remove VPNs

•

The Register – Security / 1d

Mozilla shows guts with its extensions – but that's the way the Cook, he crumbles Updated At least two VPNs are no longer available for Russian iPhone users, seemingly after the Kremlin's internet regulatory agency Roskomnadzor demanded Apple take them down.…

Cloudflare blames recent outage on BGP hijacking incident

100+BleepingComputer / 2d

Internet giant Cloudflare reports that its DNS resolver service, 1.1.1.1, was recently unreachable or degraded for some of its customers because of a combination of Border Gateway Protocol (BGP) hijacking and a route leak. [...]

RansomHub says it published Florida health department data

Florida health data ransomware attacks

•

CyberScoop / 2d

The post appeared first on CyberScoop .

Euro Vishing Fraudsters Add Physical Intimidation to Arsenal

Dark Reading / 2d

The persistent threat of social engineering tactics sees cybercriminals blending technology with human manipulation to exploit individuals.

Hackers leak alleged Taylor Swift tickets, amp up Ticketmaster extortion

Snowflake data breaches affecting customers

•

26BleepingComputer / 2d

Hackers have leaked what they claim is Ticketmaster barcode data for 166,000 Taylor Swift Eras Tour tickets, warning that more events would be leaked if a $2 million extortion demand is not paid. [...]

Cancer patient forced to make terrible decision after Qilin attack on London hospitals

Cancer patient faces surgery cancellation

•

The Register – Security / 2d

Skin-sparing mastectomy and breast reconstruction scrapped as result of ransomware at supplier Exclusive The latest figures suggest that around 1,500 medical procedures have been canceled across some of London's biggest hospitals in the four weeks since Qilin's ransomware attack hit pathology services provider Synnovis. But perhaps no single person was affected as severely as Johanna Groothuizen.

New Eldorado ransomware targets Windows, VMware ESXi VMs

4 TTPs

•

83BleepingComputer / 2d

A new ransomware-as-a-service (RaaS) called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows. [...]

Europol Says Mobile Roaming Tech Is Making Its Job Too Hard

Packet Storm Security / 2d

[no content]

Latest Ghostscript Vulnerability Haunts Experts As The Next Big Breach Enabler

7 TTPs

•

Packet Storm Security / 2d

[no content]

OVHcloud Sees Record 840 Mpps DDoS Attack

OVHcloud mitigates record DDoS attack

•

Packet Storm Security / 2d

[no content]

Crypto Hacking Thefts Double To 1.4 Billion In First Half Of 2024

Crypto thefts double to $1.4 billion

•

Packet Storm Security / 2d

[no content]

Ensuring AI Safety While Balancing Innovation

Dark Reading / 2d

Experts will explore the oft-neglected necessity of AI safety and its integration with security practices at next month's Black Hat USA in Las Vegas.

Why Cyber Teams Should Invest in Strong Communicators

Dark Reading / 2d

As automation spreads and relieves security pros of time-consuming management tasks, their ability to articulate complex cybersecurity risks with the C-suite is increasingly valuable.

Are SOC 2 Reports Sufficient for Vendor Risk Management?

Dark Reading / 2d

SOC 2 reports are a valuable tool for evaluating vendor security, but they shouldn't be the only piece of the puzzle.

Singapore is working on technical guidelines for securing AI systems

ZDNet | Security / 2d

The voluntary guidelines will be a reference for cybersecurity professionals looking to improve AI security.

Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes

Ticketmaster breach exposes Taylor Swift tickets

•

43Security Affairs / 2d

The threat actor Sp1d3rHunters leaked valid Taylor Swift ’s ERAS Tour barcodes threatening to leak more data and blackmailing Ticketmaster. A threat actor that goes online with the moniker Sp1d3rHunters leaked 170,000 valid barcodes for Taylor Swift’s ERAS Tour for free. The bar codes are valid for the upcoming concerts of Taylor Swift in Miami, New Orleans, and Indianapolis. The threat actor dem

Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks

32The Hacker News / 2d

Identity theft isn't just about stolen credit cards anymore. Today, cybercriminals are using advanced tactics to infiltrate organizations and cause major damage with compromised credentials. The stakes are high: ransomware attacks, lateral movement, and devastating data breaches. Don't be caught off guard. Join us for a groundbreaking webinar that will change the way you approach cybersecurity.

OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers

3 TTPs

•

100+The Hacker News / 2d

•

OVHcloud mitigates record DDoS attack

French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 that reached a packet rate of 840 million packets per second (Mpps). This is just above the previous record of 809 million Mpps reported by Akamai as targeting a large European bank in June 2020. The 840 Mpps DDoS attack is said to have been a combination of a TCP

Euro 2024 Becomes Latest Sporting Event to Attract Cyberattacks

Dark Reading / 2d

Cybercriminals are selling credentials linked to the tournament on underground markets, with some geopolitics playing out in denial-of-service attacks.

Latest Ghostscript vulnerability haunts experts as the next big breach enabler

7 TTPs

•

The Register – Security / 2d

There's also chatter about whether medium severity scare is actually code red nightmare Infosec circles are awash with chatter about a vulnerability in Ghostscript some experts believe could be the cause of several major breaches in the coming months.…

A CISO's Guide to Avoiding Jail After a Breach

22Dark Reading / 2d

Yahoo, Uber, SolarWinds — increasingly, the government is incentivizing better corporate security by punishing the individuals leading it. Is that a good idea? And how can security pros avoid ending up on the butt end of a lawsuit?

How Intelligence Sharing Can Help Keep Major Worldwide Sporting Events on Track

SecurityWeek / 2d

The Olympic Games is only 29 days long, so set up and take down is a very intense period, where the threat actors can take advantage. The post appeared first on SecurityWeek .

In Other News: Microsoft Details ICS Flaws, Smart Grill Hacking, Predator Spyware Activity

5 TTPs

•

SecurityWeek / 2d

Noteworthy stories that might have slipped under the radar: Microsoft details Rockwell HMI vulnerabilities, smart grills hacked, Predator spyware activity drops. The post appeared first on SecurityWeek .

OVHcloud Sees Record 840 Mpps DDoS Attack

2 TTPs

•

SecurityWeek / 2d

•

OVHcloud mitigates record DDoS attack

OVHcloud says it mitigated the largest ever DDoS attack leveraging packet rate, which peaked at 840 Mpps. The post appeared first on SecurityWeek .