A week in security (January 9—15)

Categories: News

Tags: AWIS

Tags: weekly blog roundup

Tags: week in security

Tags: Slack

Tags: GitHub

Tags: Magecart

Tags: Microsoft

Tags: Pokemon NFT

Tags: Facebook

Tags: Instagram

Tags: Snapchat

Tags: TikTok

Tags: YouTube

Tags: Google

Tags: Meta

Tags: identity theft

Tags: Maternal & Family Health Services

Tags: 2023 predictions

Tags: Royal Mail

Tags: K-12 security

Tags: K-12

Tags: WhatsApp

Tags: NSO Group

Tags: Department of Interior

Tags: weak passwords

Tags: Vice Society

Tags: ransomware. Vice Society ransomware

The most interesting security related news from the week of January 9—15.

(Read more…)

The post A week in security (January 9—15) appeared first on Malwarebytes Labs.

Read more

Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code

Credit to Author: BrianKrebs| Date: Fri, 22 Apr 2022 13:09:39 +0000

KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of company projects. T-Mobile says no customer or government information was stolen in the intrusion. LAPSUS$ is known for stealing data and then demanding a ransom not to publish or sell it. But the leaked chats indicate this mercenary activity was of little interest to the tyrannical teenage leader of LAPSUS$, whose obsession with stealing and leaking proprietary computer source code from the world’s largest tech companies ultimately led to the group’s undoing.

Read more

Slack fixes account-stealing bug

Credit to Author: Danny Bradbury| Date: Tue, 17 Mar 2020 12:33:43 +0000

Slack has fixed a bug that allowed attackers to hijack user accounts by tampering with their HTTP sessions.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/i-F9hS91EoQ” height=”1″ width=”1″ alt=””/>

Read more

Slack beefs up mobile security controls for Enterprise Grid

Credit to Author: Matthew Finnegan| Date: Tue, 06 Aug 2019 08:00:00 -0700

Slack today unveiled new security capabilities for Enterprise Grid customers, including tighter controls for admins who oversee mobile device access.

Enterprise Grid was launched in 2017 for Slack’s biggest customers, with additional features to support large-scale deployments. Among the 150 organizations now using Enterprise Grid are Capital One, IBM and Target. 

Slack has continued to build out security and compliance features for the software since its introduction, including the addition of enterprise key management last September.  

To read this article in full, please click here

Read more