Data breach at Senior Dating website spills info of 765,000 users

A database belonging to matchmaking site, Senior Dating, has been discovered on data leak site Have I Been Pwned (HIBP). The database contains the personally identifiable information of 765,517 users, and the site has since been shut down entirely. The compromised data breach stems from a Google-backed web development platform, Firebase. Another dating site with the same owner, Ladies.com, suffered a similar breach, with 118,809 users exposed. The site, a lesbian dating platform, was also shut down shortly after the leak, on December 4.

Yearlong supply-chain attack targeting security pros steals 390K credentials

A sophisticated and ongoing supply-chain attack operating for the past year has been stealing sensitive login credentials from both malicious and benevolent security personnel by infecting them with Trojanized versions of open source software from GitHub and NPM, researchers said. The campaign, first reported three weeks ago by security firm Checkmarx and again on Friday by Datadog Security Labs, uses multiple avenues to infect the devices of researchers in security and other technical fields. One is through packages that have been available on open source repositories for over a year. They install a professionally developed backdoor that takes pains to conceal its presence. The unknown threat actors behind the campaign have also employed spear phishing that targets thousands of researchers who publish papers on the arXiv platform.

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI) powered video testimonials featuring famous personalities, ultimately leading to financial and data loss. “The main goal of the fraudsters is to lead victims to phishing websites and forms that harvest their personal information,” ESET noted in its H2 2024 Threat Report shared with The Hacker News. The Slovak cybersecurity company is tracking the threat under the name Nomani, a play on the phrase “no money.” It said the scam grew by over 335% between H1 and H2 2024, with more than 100 new URLs detected daily on average between May and November 2024.

Rhode Island suffers major cyberattack, exposing personal data of thousands

Rhode Island has suffered a severe cyberattack that has potentially exposed the personal data of hundreds of thousands of residents enrolled in state-run social services programs since 2016. Officials confirmed that RIBridges, the government system for programs like Medicaid and SNAP, was infiltrated by an international cybercriminal group. Governor Dan McKee confirmed that sensitive information — including Social Security and bank account details — has likely been stolen in the breach, which officials attribute to an international cybercriminal group.

Major Auto Parts Firm LKQ Hit by Cyberattack

LKQ Corporation, a major US-based provider of auto parts, informed the SEC late last week that a recent cyberattack caused disruptions at a Canadian business unit. LKQ provides parts for repairing and accessorizing consumer cars and other vehicles. The company has 1,600 locations across two dozen countries, and a total of 45,000 employees. In an 8-K filing with the SEC, the company revealed that it detected unauthorized access to IT systems at a single business unit in Canada on November 13. The cyberattack caused disruptions at the impacted business unit for “a few weeks”, but the unit is now operating near full capacity and the threat is believed to have been contained.