Blog

Ransom or “Hacktivism?” Hackers Who Stole 1.1 TB of Disney’s Slack Messaging Data Call It a Protest of AI

Chunks of Disney’s internal Slack messaging are being released to the public via BitTorrent, and surprisingly the Russia-based hacking group behind the data leak does not seem interested in a ransom.
RockYou2024 Password Leak With 10 Billion Entries Makes Headlines, But May be Too Big to be Useful

The “RockYou” files collect and organize existing password leaks. The new 1.5 billion entries, at least what amount of that is made up of valid data, appear to come from breaches that were dumped to the dark web between 2021 and this year.
AT&T’s Second Major Data Breach of 2024 Leaked 110 Million Customer Records

The current data breach exposed the customer records for domestic calls and messages of about 110 million AT&T customers, or about the number of subscribers the company has in the United States.
DOJ: Kremlin and RT Collaborated on Bot Farm to Spread Social Media Disinformation

The Justice Department says that it has taken down a bot farm run by RT for disinformation campaigns, seizing two domain names and 968 X accounts used to spread these posts.
Twilio Backup Carrier Exposed “SMS-Related” Data Via Public Amazon Bucket

A backup carrier for cloud-based communications platform Twilio was found to have an AWS S3 bucket open to the internet for several days, exposing “SMS-related” data including millions of one-time client passwords.
Hacking Group Released 39,000 More Print-At-Home Concert Tickets as Ticketmaster Hack Continues to Expand

Hackers responsible for the Ticketmaster hack has released 39,000 more print-at-home concert tickets, and has promised to release millions more if not paid a ransom. Some 166,000 concert tickets for the extremely popular Taylor Swift tour has already been leaked last month.
Indonesian National Data Center on the Road to Recovery After “Magnanimous” Provision of Ransomware Decryptor by Hackers

Following a refusal by the Indonesian government to pay an $8 million ransom demand, Brain Cipher has provided the ransomware decryptor along with a request for donations.
Authy Data Breach Confirmed by Twilio, Another Unsecured API Endpoint to Blame

Shinyhunters has offered 33 million stolen phone numbers for sale. Twilio has since confirmed the Authy data breach and that the leak occurred due to an improperly secured API endpoint.
Optus Data Breach Penalties Hang in the Balance as ACMA Hones in on API Access Control Coding Error

If ACMA had its way, penalties could go as high as $900 million for the Optus data breach. All of that will hinge on a court’s decision on the company’s handling of a coding error in the access control of an API that lingered for years before being exploited.
AI Models Under Threat From “Skeleton Key” Attacks That Create Universal Jailbreak Ability

The skeleton key approach gets its moniker from its ability to work across multiple LLMs, with the same jailbreak statement or one that is only slightly modified. The ball is now in the courts of the developers of AI models to stop it.

Blog

Got a Question?