"A treasure trove of customer data, allegedly stolen from mobile carrier US Cellular, has been offered up for free on the dark web.
A dark web hacker claims to have obtained the stolen data belonging to 144 thousand US Cellular mobile customers and is now offering it up for free on the popular black market leak site BreachForums.
"New versions of the Prilex point-of-sale malware can block secure, NFC-enabled contactless credit card transactions, forcing consumers to insert credit cards that are then stolen by the malware.
On a payment terminal, contactless transactions use NFC (Near Field Communication) chips embedded in credit cards and mobile devices to conduct close-proximity payments via credit cards, smartphones, or even smartwatches.
"GitHub says unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories.
So far, GitHub has found no evidence that the password-protected certificates (one Apple Developer ID certificate and two Digicert code signing certificates used for Windows apps) were used for malicious purposes.
"Microsoft is seemingly preparing to introduce more artificial intelligence (AI) features into its toolkit. Results of a new survey suggest the majority of Western business leaders want to automate daily tasks.
"Microsoft urged customers today to keep their on-premises Exchange servers patched by applying the latest supported Cumulative Update (CU) to have them always ready to deploy an emergency security update.
Redmond says that the Exchange server update process is "straightforward" (something that many admins might disagree with) and recommends always running the Exchange Server Health Checker script after installing updates.
"A Yandex source code repository allegedly stolen by a former employee of the Russian technology company has been leaked as a Torrent on a popular hacking forum.
Yesterday, the leaker posted a magnet link that they claim are 'Yandex git sources' consisting of 44.7 GB of files stolen from the company in July 2022. These code repositories allegedly contain all of the company's source code besides anti-spam rules."
"Microsoft is investigating an ongoing outage impacting multiple Microsoft 365 services after customers have reported experiencing connection issues.
"We're investigating issues impacting multiple Microsoft 365 services. We've identified a potential networking issue and are reviewing telemetry to determine the next troubleshooting steps," the Microsoft 365 team said in a Twitter thread.
"Apple released iOS 16.3 today with long-awaited support for hardware security keys to provide extra protection against phishing attacks and unauthorized access to your devices.
Hardware security keys are small physical devices that resemble thumb drives and support USB-C (using an adapter) or Near-field communication (NFC) to connect to a Mac or iPhone.
"July. Cisco Talos observed threat actors reacting to these changes by moving away from malicious macros as an initial access method in favor of other types of executable attachments.
Riot Games, the video game developer and publisher behind League of Legends and Valorant, says it will delay game patches after its development environment was compromised last week.
"PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data.
Credential stuffing are attacks where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites.
