VF Corp., the parent company of the popular apparel brands Vans, Supreme, and The North Face, said Thursday that hackers stole the personal data of 35.5 million customers in a December cyberattack. The Denver, Colorado-based company reported the data breach to regulators in a filing on Thursday. The filing did not say specifically what kinds of personal data was taken, or if the company yet knows what was stolen. VF Corp. spokesperson Colin Wheeler did not respond to an email from TechCrunch requesting more information.
A security researcher in Germany has been fined €3,000 ($3,300, £2,600) for finding and reporting an e-commerce database vulnerability that was exposing almost 700,000 customer records. Back in June 2021, according to our pals at Heise, an contractor identified elsewhere as Hendrik H. was troubleshooting software for a customer of IT services firm Modern Solution GmbH. He discovered that the Modern Solution code made an MySQL connection to a MariaDB database server operated by the vendor. It turned out the password to access that remote server was stored in plain text in the program file MSConnect.exe, and opening it in a simple text editor would reveal the unencrypted hardcoded credential.
One of the indicted individuals is Aleksey Timofeyevich Stroganov, also known as Aleksei Stroganov, Flint, Flint24, Gursky Oleg, and Oleg Gurskiy. He and his accomplices allegedly hacked into the computers of companies and individuals in an effort to steal personal information, including credit and debit card data. Stroganov and the others obtained hundreds of millions of payment card and banking account records, which they sold on cybercrime forums, causing losses totaling $35 million to impacted financial institutions.
Russia-state hackers exploited a weak password to compromise Microsoft’s corporate network and accessed emails and documents that belonged to senior executives and employees working in security and legal teams, Microsoft said late Friday. The attack, which Microsoft attributed to a Kremlin-backed hacking group it tracks as Midnight Blizzard, is at least the second time in as many years that failures to follow basic security hygiene has resulted in a breach that has the potential to harm customers. One paragraph in Friday’s disclosure, filed with the Securities and Exchange Commission, was gobsmacking.
People put a lot of trust in their mobile phones; we use them to make payments, do work, and jot down last night’s weird dreams (thank you Notes app). But unfortunately, they can also be used to target us, and a new study from MIT researchers has revealed how hackers could take advantage of a phone’s light sensor to track and reconstruct our activity. Ambient light sensors are used by phones to detect surrounding light levels and adjust brightness accordingly, if it’s on an auto-adjust setting. Whilst other phone features require user permission for apps to access them, such as the camera or microphone, light sensors typically don’t. It’s this that researchers believe could be exploited.