July 14, 2024 at 10:10PM
Commercial spyware maker mSpy has been breached, exposing millions of customers’ data including email addresses, IP addresses, and photos. The company, previously breached in 2015 and 2018, is involved in stalkerware applications. Additionally, critical vulnerabilities, plaintext data transmission by Linksys routers, and the targeting of Latin American airlines by Akira ransomware group were reported.
Key points from the meeting notes:
1. Commercial spyware maker mSpy has been breached again, leading to the exposure of millions of customer records, including sensitive personal data and photos.
2. The US Cybersecurity and Infrastructure Security Agency warned about critical vulnerabilities in OT software, including a significant vulnerability in license management server software made by PTC.
3. Linksys Velop Pro Wi-Fi routers were found to be sending plain-text data, including SSIDs, passwords, and session access tokens, which could be exploited in a man-in-the-middle attack.
4. An international review found that “dark patterns” that manipulate consumers into giving up data and privacy are prevalent in apps and websites.
5. A novel exploit targeting a vulnerability in Windows MSHTML has emerged, using Internet Explorer to install a malicious HTML application.
6. The Akira ransomware group has targeted Latin American airlines, highlighting the need for organizations to patch disclosed exploits and keep their systems up to date.