AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/12/2024

Top Mexican fintech firm leaks details on 1.6 million customers

A Mexican fintech startup has been found holding a large database full of sensitive customer data wide open on the internet, available for anyone who knows where to look. Security researchers from Cybernews found the database in early September 2024 after a routine investigation of publicly available indexes. The database, belonging to a company called Kapital, contained sensitive data on 1.6 million Mexicans, including voter IDs and selfies.

 

Krispy Kreme cyberattack impacts online orders and operations

US doughnut chain Krispy Kreme suffered a cyberattack in November that impacted portions of its business operations, including placing online orders. Krispy Kreme is an American multinational doughnut and coffeehouse chain operating 1,521 shops and 15,800 points of access and employing 22,800 people as of late 2023. The company has an active partnership with McDonalds to offer its products to thousands of additional locations.

 

Europol announces takedown of major DDoS-for-hire network

Europol has taken down 27 ‘booster’ and ‘stressor’ networks used to conduct distributed denial-of-service (DDoS) attacks in a global operation involving 15 countries. The operation, code named PowerOFF, targeted botnet-for-hire websites including orbitalstress.net, zdstresser.net, and starkstresser.net. Three arrests were made against stressor site administrators, with over 300 site users identified by law enforcement.

 

Google’s latest update allows you to stop and spot hidden Bluetooth trackers

Bluetooth trackers have made losing your keys or bag less of a headache, but they’ve also given people a sneaky way to misuse them. To tackle this, both Apple and Google have introduced alerts to notify you of unknown trackers near you. Now, with a fresh update, Google is taking it a step further by allowing Android users to pinpoint the exact location of those trackers. Google is rolling out two new tools for its Find My Device network. The first, “Temporarily Pause Location,” is meant to be used when you get an unknown tracker notification. You can now pause location updates from your phone for up to 24 hours, preventing any detected unknown tag from using your device’s location during that time.

 

Thousands of Bitcoin ATM users may have personal data leaked after breach

Byte Federal, a US company operating thousands of Bitcoin ATM machines, suffered a data breach in which customer data may (or may not) have been compromised. In a new filing with the Maine Office of the Attorney General, the company said that on September 30 2024, an unidentified threat actor accessed its servers through a bug in third-party software. The company spotted the intrusion on November 18, when it shut down the platform, isolated the bad actor, and secured the compromised server. The bug was in GitLab, which its developers used for project management and collaboration.

Related Posts