HACKERZHOME NEWS

December 24, 2022

Saturday

EU privacy watchdog looks into the massive Twitter data leak

Following news reports of a significant Twitter data leak from last month, the Irish Data Protection Commission (DPC) has opened an investigation.

More than 5.4 million Twitter users were impacted by this leak, which contained both public data scraped from the website and private phone numbers and email addresses.

The information was accessed by taking advantage of an API flaw that Twitter rectified in January.

The Data Protection Commission (DPC), which is Twitter’s primary EU watchdog, is investigating whether the social media behemoth has complied with its obligations as a data controller regarding the processing of user data and whether any laws, including the General Data Protection Regulation (EU GDPR) and the Data Protection Act 2018, have been broken.

Two years ago, the DPC fined Twitter €450,000 (about $550,000) for failing to report a breach to the DPC within the 72-hour window mandated by the GDPR and for failing to provide proper breach documentation.

The DPC also fined Meta €265 million ($275.5 million) in November 2021 for a significant data breach on Facebook that exposed the personal data of hundreds of millions of users globally.


Accounts for Comcast Xfinity were compromised in widespread 2FA bypass attacks.

Customers of Comcast Xfinity say that their accounts have been compromised in widespread attacks that bypass two-factor authentication. The hacked accounts are then used to reset the passwords for other services, including the cryptocurrency exchanges Gemini and Coinbase.

Many Xfinity email subscribers started getting warnings that their account information had changed on December 19th. However, because the passwords had been altered, they were unable to access the accounts.

After recovering access to the accounts, they learned they had been hacked and that a backup email address at the fictitious @yopmail.com domain had been added to their profile.

Like Gmail, Xfinity lets customers set up a backup email address that will be used for account notifications and password resets if they ever lose access to their Xfinity account.


W4SP Stealer Found in Several PyPI Packages with Different Names

Threat actors have uploaded yet another batch of malicious packages to the Python Package Index (PyPI) with the intention of infecting developer computers with malware that steals information.

Intriguingly, cybersecurity firm Phylum discovered that although the malware goes by a number of aliases, including ANGEL Stealer, Celestial Stealer, Fade Stealer, Leaf $tealer, PURE Stealer, Satan Stealer, and @skid Stealer, they are all variations of W4SP Stealer.

The main purpose of W4SP Stealer is to steal user information, such as passwords, cryptocurrency wallets, Discord tokens, and other valuable files. It was written and published by an actor who goes by the aliases BillyV3, BillyTheGoat, and billythegoat356.

The 16 rogue modules are proxybooster, upamonkws, captchaboy, sysuptoer, nowsys, infosys, py4sync, modulesecurity, chazz, sys-ej, informmodule, easycordeyy, proxygeneratorbil, tomproxies, easycordey, and randomtime.
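A defender can check a requirements file and the local environment against the names listed above. The following is an added example, not code from Phylum or from this site; the sample requirements text is constructed, and the function names are illustrative.

```python
import re
from importlib import metadata

# The 16 package names listed in the article above.
ROGUE = {
    "proxybooster", "upamonkws", "captchaboy", "sysuptoer", "nowsys",
    "infosys", "py4sync", "modulesecurity", "chazz", "sys-ej",
    "informmodule", "easycordeyy", "proxygeneratorbil", "tomproxies",
    "easycordey", "randomtime",
}

def normalise(name):
    """PEP 503 normalisation: PyPI treats Sys_EJ, sys.ej and sys-ej as one name."""
    return re.sub(r"[-_.]+", "-", name).lower()

# Leading project name of a requirement line, before extras, specifiers or markers.
_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

def flag_requirements(text):
    """Return (line_number, normalised_name) for each listed package in a requirements file."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0]          # ignore comments
        m = _NAME.match(line)                 # option lines such as "-r x.txt" do not match
        if m and normalise(m.group(1)) in ROGUE:
            hits.append((n, normalise(m.group(1))))
    return hits

def flag_installed():
    """Return the listed packages that are installed in the current environment."""
    names = (normalise(d.metadata.get("Name") or "") for d in metadata.distributions())
    return sorted({n for n in names if n in ROGUE})

# Constructed sample input, not taken from any real project.
SAMPLE = """\
requests==2.28.1
Sys_EJ>=0.1        # same project as sys-ej after normalisation
easycordey[voice]
# chazz is only mentioned in a comment
-r other.txt
infosystems==1.0
"""

if __name__ == "__main__":
    print(flag_requirements(SAMPLE))
    print(flag_installed())
```

A name match is an indicator to investigate, not proof of compromise; exact matching on the normalised name avoids flagging unrelated projects such as the constructed `infosystems` line.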


Hackers take advantage of a flaw in the 50K+ install WordPress gift card plugin.


A significant vulnerability in the YITH WooCommerce Gift Cards Premium WordPress plugin, which is installed on over 50,000 websites, is actively being targeted by hackers.

Website owners can sell gift cards in their online stores with the plugin YITH WooCommerce Gift Cards Premium.

Web shells that grant full site access can be uploaded to susceptible websites by unauthenticated attackers by taking advantage of the vulnerability, identified as CVE-2022-45359 (CVSS v3: 9.8).

Unfortunately, a lot of websites continue to run outdated, vulnerable versions, and attackers have already created a successful exploit to target them.

Exploitation is well underway, according to WordPress security specialists at Wordfence, with attackers using the vulnerability to plant backdoors on the websites, achieve remote code execution, and launch takeover operations.

New Privacy-Focused Database Querying System: FrodoPIR

The creators of the open-source Brave web browser have introduced FrodoPIR, a new data querying and retrieval system that protects user privacy.

The goal, according to the company, is to support a wide range of use cases with the technology, including secure browsing, checking certificate revocation, screening passwords against breached databases, and streaming, among others.

Private information retrieval, or PIR for short, is a cryptographic protocol that enables users, also known as clients, to retrieve data from a database server without disclosing to the owner which element was chosen.

In other words, the objective is to allow users to search a platform for information (let’s say, culinary videos) without allowing the service provider to extrapolate from a user’s search history to provide tailored recommendations or adverts based on the search parameters.
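The retrieval property described above can be seen in a toy single-server PIR that hides the requested index behind a learning-with-errors mask. This is an added illustration, not Brave's FrodoPIR code; the parameters are far too small to be secure, and the database contents and function names are constructed.

```python
import secrets

Q = 2**32          # ciphertext modulus
P = 256            # plaintext modulus: one byte per database cell
DELTA = Q // P     # scaling factor that lifts a byte above the noise
N = 16             # LWE secret length; toy value, not a secure parameter

def matvec(vec, mat):
    """Row vector times matrix, reduced mod Q."""
    return [sum(v * row[j] for v, row in zip(vec, mat)) % Q
            for j in range(len(mat[0]))]

def server_setup(db):
    """Server: publish a random matrix A (N x m) and the hint M = A*D."""
    m = len(db)
    A = [[secrets.randbelow(Q) for _ in range(m)] for _ in range(N)]
    M = [matvec(row, db) for row in A]
    return A, M

def client_query(A, M, index):
    """Client: hide a one-hot selector for `index` inside b = s*A + e."""
    s = [secrets.randbelow(Q) for _ in range(N)]
    e = [secrets.randbelow(3) - 1 for _ in A[0]]            # noise in {-1, 0, 1}
    b = [(x + err) % Q for x, err in zip(matvec(s, A), e)]
    b[index] = (b[index] + DELTA) % Q
    return b, matvec(s, M)                                  # (sent, kept private)

def server_answer(db, query):
    """Server: one product over the whole database, identical work for any index."""
    return matvec(query, db)

def client_decode(answer, mask):
    """Client: subtract the mask s*M, then round away the small noise e*D."""
    return bytes((((a - k) % Q + DELTA // 2) // DELTA) % P
                 for a, k in zip(answer, mask))

def retrieve(db, index):
    """Run one full exchange and return the record the client asked for."""
    A, M = server_setup(db)
    query, mask = client_query(A, M, index)
    return client_decode(server_answer(db, query), mask)

# Constructed database: equal-length records, one per row.
DB = [b"cooking1", b"cooking2", b"security", b"privacy!"]

if __name__ == "__main__":
    print(retrieve(DB, 2))
```

The server only ever sees the vector `b`, which has one entry per record regardless of which index was requested, and it computes over every record for every query.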
