Technology products supplier Intcomex Corp. has suffered a data breach and about a terabyte of its user data was released on a hacking forum.
First reported by Cybernews today, the leaked data included credit card details, passport numbers, license scans, personally identifiable information, payroll data, financial documents, customer details, employee information and more.
Parts of the data were first released for free on a Russian hacking forum Sept. 14, with more released Sept. 20. Those behind the hack are promising to release even more data in the future.
Intcomex hasn’t formally disclosed the data breach on its website, but the company did confirm the hack to Cybernews. In a tick box of standard responses, Intcomex said it had taken steps to address the situation, had “engaged third-party cybersecurity experts to assist us in the investigation and… implemented additional enhanced security measures. We also notified law enforcement. We are notifying affected
A major hack that compromised Uganda’s mobile money network has plunged the country’s telecoms and banking sectors into crisis.
The Oct. 3 hack was a result of a security breach on a consumer finance aggregator, Pegasus Technologies, which mainly affected bank to mobile wallet transfers, according to an Oct. 8 statement by MTN Uganda, the country’s largest mobile phone company. Kampala-based Pegasus Technologies provides financial and billing solutions for various companies including all the affected entities.
At least $3.2 million is estimated to have been stolen in this latest incident with some reports quoting a much higher figure. The hackers used around 2,000 mobile SIM cards to gain access to the mobile money payment system, according to local papers. They then instructed the banks to transfer millions of dollars to telecommunication companies who then paid out mobile money to these different SIM cards across the country.
Security flaws in the app for an internet-connected male chastity device could have allowed hackers to permanently lock a user’s penis into the sex toy, researchers have revealed.
Pen Test Partners, a security firm based in the U.K., discovered the vulnerabilities in the Qiui Cellmate smart chastity lock in April. It said that because there is no way to manually unlock the device, an “angle grinder or other suitable heavy tool would be required to cut the wearer free.”
It’s a chilling thought, and Pen Test Partners says it discovered numerous security deficiencies in the app.
While the possibility of getting locked into the chastity device was the most eye-catching danger of those discovered by the security firm, it is also notable that the app was leaking a litany of potentially highly sensitive user data, including names, locations, birthdays, passwords and phone numbers, which could be used for extortion, fraud
Google has announced details of a new plan to ensure that Android smartphone manufacturers keep their devices updated – naming and shaming. Yes, a favourite technique of primary school teachers worldwide, the Californian technology firm has confirmed plans to hunt for dangerous bugs in the tweaked versions of Android that ship on devices from manufacturers like Samsung, Huawei and OnePlus.
Google security researchers already scour the version of Android developed by Google, which is available on its own Pixel-branded line of smartphones, as well as any handsets enrolled in the Android One scheme, like Nokia and HTC. However, Samsung, OnePlus and other third-parties will adapt this version of Android for their own devices – adding support for new features, like the folding screen on the Samsung Galaxy Z Fold2, or new designs, like the unique software design of the Sony Xperia range, for example.
Mobile devices continue their march toward becoming powerful productivity machines. But they are also major security risks if they aren’t managed properly. We look at the latest wisdom and best practices for securing the mobile workforce.
In a security alert published on Thursday, US payments processor Visa revealed that two North American hospitality merchants were hacked and had their system infected with point-of-sale (POS) malware earlier this year.
POS malware is designed to infect Windows systems, seek POS applications, and then search and monitor the computer’s memory for payment card details that are being processed inside the POS payments apps.
“In May and June 2020, respectively, Visa Payment Fraud Disruption (PFD) analyzed malware samples recovered from the independent compromises of two North American merchants,” Visa said.
The US payments processor didn’t name either of the two victims due to
With September coming to a close with yesterday’s close, here is brief recap of all major Bitcoin and cryptocurrency news events of the past month.
MicroStrategy MSTR Doubles Down On Bitcoin
In August, business services company MicroStrategy made headlines when it became the first publicly-listed company to convert portions of its cash reserve into Bitcoin. The company purchased $250 million worth of Bitcoin, taking over 21,000 coins off the open market.
In the press release announcing the first purchase, company CEO Michael J. Saylor remarked:
“This investment reflects our belief that Bitcoin, as the world’s most widely-adopted cryptocurrency, is a dependable store of value and an attractive investment asset with more long-term appreciation potential than holding cash.”
Three weeks after this original announcement, a Securities and Exchange Commission filing indicated MicroStrategy was looking at increasing its exposure to Bitcoin despite it already making up a large portion of its
Singapore-based cryptocurrency exchange KuCoin disclosed today a mega hack. In a statement posted on its website, the company confirmed that a threat actor breached its systems and emptied its hot wallets of all funds.
Hot wallets are cryptocurrency management apps that are connected to the internet. Cold wallets are stored offline.
Cryptocurrency exchanges like KuCoin use hot wallets as their temporary storage systems for assets that are currently being exchanged on the platform, and they are used to power conversion operations and funds transfers.
KuCoin said it detected the hack after observing “some large withdrawals” from its hot wallets on September 26.
The company said it started a security audit and discovered the missing funds. KuCoin said the hacker managed to steal Bitcoin assets, ERC-20-based tokens, along with other types of tokens.
Currently, the loss is estimated at a minimal $150 million, based on an Etherium
A major U.S. provider of software services to state and local governments has acknowledged it was hit by a ransomware attack two days after telling clients an unknown intruder had compromised its phone and information technology systems
JAKE BLEIBERG Associated Press
September 25, 2020, 4:06 PM
• 2 min read
DALLAS — A major U.S. provider of software services to state and local governments acknowledged Friday it was hit by a ransomware attack two days after telling clients an unknown intruder had compromised its phone and information technology systems.
Tyler Technologies said in a statement that it confirmed the intruder used ransomware but did not provide further details on its response, citing an ongoing investigation. A spokesperson for the Dallas-area company did not directly answer a question about whether it had paid to have its systems unlocked.
Ransomware purveyors are increasingly breaking into company and government networks and siphoning