Alleged Home Depot Data Breach: IntelBroker Hacker Leaks 22,000 Employee Data

The notorious hacker IntelBroker claims responsibility for Home Depot’s alleged data breach, exposing employee names, email addresses and departments – No customer data is reported affected!

The notorious IntelBroker hacker has announced a data breach targeting The Home Depot, Inc., a leading multinational home improvement retailer. Claiming to have stolen personal data from over 22,000 employees, the hacker has leaked this information on the cybercrime platform Breach Forums.

IntelBroker on Breach Forums (Screenshot credit: Hackread.com)

The breach, allegedly occurring in April 2024, exclusively involves Home Depot employee data and does not affect the gigantic customer base spanning the United States, China, Canada, Mexico, and Puerto Rico.

As seen by Hackread.com, the leaked records contained in an 83 MB CSV file include the following information:

  • Full names
  • Departments within Home Depot
  • Project UCID (universally unique identifier)
  • Email addresses (most of them hosted on @homedepot.com)

Screenshot from the leaked records (Credit: Hackread.com)

The Home Depot has been informed, and an official statement from the company is awaited.

About IntelBroker Hacker

While Home Depot’s customer base remains unaffected, IntelBroker has recently made headlines for its focus on high-profile targets in the United States. Their most recent alleged cyberattacks include breaching Acuity, Inc., a Federal contractor based in Reston, Virginia, and stealing highly sensitive data from U.S. Citizenship and Immigration Services (USCIS) and U.S. Immigration and Customs Enforcement (ICE).

Initially denied by the US government, the data breach was acknowledged (but not yet verified) on April 3, 2024, when the IntelBroker hacker leaked the entire dataset to verify its authenticity. Consequently, the US Department of Justice has initiated an investigation into the matter.

As for who IntelBroker is, the hacker’s identity and associations remain undisclosed; nevertheless, the United States government has implicated IntelBroker as the alleged culprit in one of the T-Mobile data breaches.

Furthermore, IntelBroker has a history of targeting prominent entities within the United States, with previous breaches affecting institutions such as Los Angeles International Airport, US Department of Defense documents, staffing firm Robert Half, Facebook Marketplace’s database, General Electric’s DARPA-related accesses, Weee! Grocery, and various others.


WhatsApp may soon add a picture-in-picture option for videos

Meta regularly updates its app with security patches and new features. WhatsApp, one of the most widely used Meta apps, might receive a picture-in-picture feature for videos in a future update.

Continue using WhatsApp without compromising on video viewing

WhatsApp currently offers a picture-in-picture mode, but its functionality is quite limited. The current picture-in-picture mode on WhatsApp only works during video calls. This means you can continue your WhatsApp video calls in a small video window and simultaneously use the app to send messages and other stuff.

However, with the upcoming update, you might be able to continue watching videos on WhatsApp in a small pop-up window while using the app. Similar to video calls, WhatsApp will create a small pop-up window of the video you’re watching, allowing you to continue using other features of the app. This feature is currently in development on WhatsApp Beta for iOS 24.7.10.73.

The in-development feature will only allow you to watch videos within the app itself. This means that the feature will only work when you are using WhatsApp and will stop working when you switch to any other app.

It’ll be interesting to see when or even if WhatsApp will make its picture-in-picture feature compatible with all apps, so that you can watch WhatsApp videos in a small pop-up window not only while using WhatsApp but while using other apps as well.

WhatsApp is a bit late in introducing the picture-in-picture mode

The picture-in-picture mode is one of the most important features for any chat-based application like WhatsApp. Possibly, WhatsApp is a bit late in introducing it.

WhatsApp’s rival, Telegram, has had the picture-in-picture feature for a long time. You simply need to tap the relevant icon in the top-right corner of the playing video to activate this feature. However, it’s better late than never; WhatsApp is finally introducing this feature.

In addition to Telegram, this feature is available on different video streaming platforms such as YouTube and Netflix. On these platforms, you simply need to tap the picture-in-picture mode icon to continue watching videos in a small pop-up window while using your device.

Furthermore, this isn’t the only feature that’s about to come to WhatsApp. In future WhatsApp updates, you will be able to control the media upload quality. Additionally, in the coming few weeks, you will be able to upload a one-minute video as your WhatsApp status.



OpenAI now lets you finetune the GPT-4 model

Many people use OpenAI’s products for personal use. However, a ton of enterprise companies are also using powerful AI tools. This is something that OpenAI is using to its advantage. According to a new report, the company now lets you finetune the powerful GPT-4 model.

Being able to fine-tune AI models lets users create a highly customized version to suit their needs. If a business needs an AI model specifically designed for its business structure, it can take the AI model and fine-tune it accordingly. In August of last year, OpenAI let users finetune the GPT-3.5 model. Well, the company just made the GPT-4 model available for finetuning. So, users will be able to finetune an even more powerful AI model.

OpenAI now lets you finetune the powerful GPT-4 model

It’s hard to overstate the benefits of having customized models. You’ll be able to train models on the type of data you need specifically. So, the model you’re using will have much more knowledge on the subject you’re training it on.

This is great for Enterprise operations. On Friday, OpenAI COO Brad Lightcap said that 2024 is the “year of the enterprise”, and this highlights the company’s focus on building better tools to help companies.

Through the custom models program, businesses can work directly with OpenAI researchers to train custom GPT-4 models to their specific needs. The companies will then have exclusive access to these models. If you’re interested in signing up for this program, you can go to the official page.

Right now, we’re still trying to navigate this new AI age that we’re in. Technology has proven to be a useful tool for businesses around the world. It helps speed up production and refine tasks. So, OpenAI is seizing the opportunity to help businesses flourish. We only expect OpenAI to come out with more business solutions as the year goes on.



10M+ Downloaded Dating App Discloses User’s Exact Location

In a groundbreaking Check Point Research (CPR) analysis, vulnerabilities have been uncovered in several popular dating applications, cumulatively boasting over 10 million downloads.

This investigation focused on the inherent risks associated with the use of geolocation data—a feature that, while designed to connect users with potential matches in their vicinity, may compromise their privacy.

Among the scrutinized apps, “Hornet,” a widely used gay dating platform, was found to have significant security flaws that could reveal the exact locations of its users.

CPR’s research highlighted a technique to pinpoint user coordinates using distance information.

Despite Hornet’s efforts to safeguard user privacy by disabling the display of distances, CPR developed a method that achieved location accuracy within 10 meters in controlled experiments.

Following the discovery, Hornet’s developers have taken steps to mitigate these risks, reducing location accuracy to 50 meters.

However, the initial vulnerability posed a substantial privacy risk to its users.

Understanding Geolocation & Possible Dangers

Geolocation technology can pinpoint the real-world geographic location of a device with varying degrees of accuracy.


While this technology offers numerous benefits, it also presents several privacy and security risks, such as unauthorized data access, unintended sharing with third parties, and potential exploitation by malicious actors.

Methodology for Determining Distance

CPR’s methodology involved sorting users in ascending order of distance and using two known distances to estimate the target user’s location.

Estimating the approximate distance to the user based on known distances to neighbors

Additionally, by registering an additional account with controllable coordinates, researchers could refine their search and narrow the distance between the target and the auxiliary account, achieving remarkable precision.

Technique for determining the distance to the user using the positioning of an auxiliary account

Trilateration Methodology

The research utilized a two-step trilateration process, initially identifying two possible candidate locations before selecting the correct solution with information from a third reference point.

This method allowed for an astonishingly high accuracy in determining user locations.

The vulnerabilities discovered in the Hornet dating app underscore the significant privacy risks of exposing user geolocation.

The final location estimate has an error of less than 5 meters

Despite improvements made by Hornet’s developers, the potential for location determination remains.

CPR advises users to exercise caution with app permissions and to disable location services to protect their privacy.

This proactive approach can prevent apps from tracking movements and sharing personal data with external entities, ensuring a safer online dating experience.
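A server-side mitigation for the distance-based technique described above, as an added example (not Hornet's or CPR's code): snap every stored position to the centre of a grid cell before any distance is computed, so that sorting and distance output are identical for every device inside the cell. The 50 m cell mirrors the accuracy figure quoted above; the function names and coordinates are constructed for illustration.

```python
import math

EARTH_RADIUS_M = 6_371_000.0
METERS_PER_DEG_LAT = math.pi * EARTH_RADIUS_M / 180.0  # about 111.2 km per degree


def snap_to_grid(lat, lon, cell_m=50.0):
    """Return the centre of the grid cell that contains (lat, lon).

    Every position inside one cell maps to the same output, so anything
    derived from it (distance, sort order) cannot distinguish them.
    """
    lat_step = cell_m / METERS_PER_DEG_LAT
    snapped_lat = (math.floor(lat / lat_step) + 0.5) * lat_step
    # A degree of longitude shrinks with latitude. Derive the step from the
    # snapped latitude so it is constant along the whole row of cells.
    shrink = max(math.cos(math.radians(snapped_lat)), 0.01)  # guard near the poles
    lon_step = cell_m / (METERS_PER_DEG_LAT * shrink)
    snapped_lon = (math.floor(lon / lon_step) + 0.5) * lon_step
    return snapped_lat, snapped_lon


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def served_distance_m(viewer, target, cell_m=50.0):
    """Distance the server may use for sorting or display.

    Only the snapped target position is ever used; the raw coordinates
    never reach the distance computation.
    """
    return haversine_m(viewer, snap_to_grid(*target, cell_m))


if __name__ == "__main__":
    # Constructed coordinates: two devices a few metres apart in one cell.
    centre = snap_to_grid(52.5200, 13.4050)
    d_lat = 10.0 / METERS_PER_DEG_LAT
    d_lon = 10.0 / (METERS_PER_DEG_LAT * math.cos(math.radians(centre[0])))
    device_a = (centre[0] + d_lat, centre[1] + d_lon)
    device_b = (centre[0] - d_lat, centre[1] - d_lon)
    viewer = (52.5300, 13.4000)
    print("served distance A:", round(served_distance_m(viewer, device_a), 3))
    print("served distance B:", round(served_distance_m(viewer, device_b), 3))
    print("true offset of A from what is served:",
          round(haversine_m(device_a, snap_to_grid(*device_a)), 1), "m")
```

Snapping has to happen before sorting as well as before display, because the ordering of a nearby-users list carries distance information even when the numbers are hidden.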


Users complain of network issues on the flagship Pixel series

Google’s flagship Pixel series has often troubled users despite being praised as one of the best Android smartphones. More recently, the Google Pixel series is again in the news for some wrong reasons as users around the globe complained of network issues on several models.

Google’s March 2024 update is seemingly causing network issues restricting users from receiving texts and calls

In a recent report, Android Authority mentioned the March 2024 update is causing this issue. It seems that the network issue is not limited to just one flagship model, but many. Users have complained about issues with receiving calls and texts on the Pixel 7, Pixel 7 Pro, as well as the top-end model Pixel 8 Pro.

A Reddit user (@ShadoutMapes87) pointed out the issue and claimed that all the calls they receive go straight to voicemail on their Pixel 7 Pro on Verizon. The user further said that texts are coming in batches throughout the day. Several other users commented and confirmed that they are facing similar issues on their Pixel 7 on Verizon.

Android Authority also spotted a long thread on Google Support forums that features complaints relating to network issues on Pixel flagships. Users have talked about how their phone’s screen will not display incoming calls. Additionally, users mentioned that their device neither notifies nor rings for an incoming call. It is worth noting that not only users on a specific carrier or model are facing this issue. Users on other carriers and devices have reported the same problem.

No troubleshooting or April 2024 update seems to be fixing the network issues on flagship Google Pixel phones

Users have tried and tested different troubleshooting methods to fix network issues on the Google Pixel flagship, but they said none of these efforts helped. The network issue is seemingly preventing users from receiving incoming calls and texts, mostly when they aren’t around their phones. The worst part is that the April 2024 update for Pixel phones also didn’t fix this annoying issue.

All that said, it’s not the first time we have heard of issues on Google’s flagship Pixel series phones. There have been numerous occasions when these devices were criticized in the past for storage issues, scrolling issues, and more.



New Standalone ESPN Streamer Launches in Fall 2025

There’s going to be a pretty sizable shift in sports streaming this fall, when the joint venture sports streaming service with Disney, Fox, and Warner Bros Discovery launches. But that’s not all, as Disney is planning to launch a standalone ESPN streaming service that would replace ESPN Plus, and that’s expected to launch in the Fall of 2025.

Disney is currently calling this new ESPN streaming service its “flagship” streamer, as it doesn’t have a name it’s using publicly just yet. It can be bundled with Disney Plus and Hulu, of course. However, no pricing has been announced for the new ESPN streaming service.

Disney’s CEO, Bob Iger, talked about this service at the annual shareholders meeting, and said that it would have “the full suite of ESPN channels” in the subscription and it would be available “in the fall of 2025”. That’s an excellent time to launch this service, seeing as College Football and the NFL are crucial to ESPN.

This ESPN service will be more than just streaming

Iger also mentioned that the new standalone ESPN streaming service would be more than just streaming content and the various ESPN channels. The service will include sports betting, fantasy sports, and e-commerce. Of course, all of the live sports and studio commentary you’d expect from ESPN will also be available.

Disney believes that the “current and future direct-to-consumer offerings are a clear differentiator for the company in a very competitive landscape.” The company has also said in the past that not everything it owns will make it into the joint venture with Fox and Warner Bros Discovery. This means it’s likely that you’d need to sign up for both. That’s going to get quite pricey, but we don’t have a price on either service just yet. The joint venture is set to launch this fall, while the new standalone ESPN service is next fall.



Samsung’s Object Eraser gets turbocharged with Magnetic Lasso feature

With the introduction of One UI 6.1, Samsung boosted the user experience in photo editing with its built-in Samsung Photo Editor, by adding a cutting-edge feature known as Generative Edit.

Brace yourselves, as the innovation doesn’t stop; the app’s already versatile tool set receives another boost with an update to the Object Eraser tool (this allows you to remove unwanted objects from an image, if you can believe it – the name isn’t revelatory at all, right?).

Enter the remarkable Magnetic Lasso option (it’s rolling out in the latest “v3.4.21.41” version of the Photo Editor app).

Previously, Object Eraser offered two main options for erasing undesirables from your photos: a tap-to-select feature which, while automatic, often lacked precision in selection and outlining, and a manual outlining method that proved challenging to execute accurately with just finger swipes on a smartphone screen. The results, as expected, were less than ideal, leaving users craving more control and precision.

Enter Magnetic Lasso, Samsung’s solution to these challenges, bridging the gap between ease of use and meticulous control. This feature allows you to draw a rough outline around the object you wish to remove; the Magnetic Lasso then intelligently clings to the edges of the object, ensuring a precise selection without the fuss of perfect outlining.

SamMobile‘s report says this new feature (the Magnetic Lasso) produces far more satisfactory results compared to the original methods on the Galaxy S23.

To delve into this enhanced editing experience, simply navigate to the Object Eraser tool within the Edit > Tools menu of any image in the Gallery. The Magnetic Lasso feature is conveniently enabled by default but can be toggled off if desired. While this version of the Samsung Photo Editor app was initially accessed via APKMirror, it’s anticipated that Samsung will soon commence its rollout through the Galaxy Store, marking another step forward in the realm of mobile photo editing.


LayerSlider WordPress Plugin Vulnerability Threatens Websites

WordPress admins using the LayerSlider plugin on their websites must update their sites with the latest plugin release as soon as possible. The plugin developers patched a critical security vulnerability in LayerSlider that could allow SQL injection attacks from unauthenticated attackers.

LayerSlider Plugin Had A Critical SQL Injection Vulnerability

According to a recent report from Wordfence, a security researcher found a critical vulnerability in the popular WordPress plugin LayerSlider. The researcher discovered an SQL injection flaw that could let an adversary steal data.

Specifically, the vulnerability affected the plugin’s ls_get_popup_markup action. The plugin uses this action to query slider markup for popups, with the slider specified through the ‘id’ parameter. However, when the parameter does not contain a number, the plugin passes it into the query without sanitization, ultimately allowing SQL injection. The researchers have explained the technical details behind this flaw in their report.

Exploiting the vulnerability requires the adversary to use a time-based blind approach to steal data. Regarding this approach, Wordfence stated,

“Since Union-Based SQL injection is not possible due to the structure of the query, an attacker would need to use a time-based blind approach to extract information from the database. This means that they would need to use SQL CASE statements along with the SLEEP() command while observing the response time of each request to steal information from the database. This is an intricate, yet frequently successful method to obtain information from a database when exploiting SQL Injection vulnerabilities.”

This vulnerability, CVE-2024-2879, received a critical severity rating and a CVSS score of 9.8. The flaw typically affected LayerSlider plugin versions 7.9.11–7.10.0.

Vulnerability Addressed With Latest Plugin Release

Following the researchers’ report, the developers patched the vulnerability with plugin release 7.10.1. While the plugin’s official website lists the latest release with some security fixes, it hasn’t described the exact patches. Nonetheless, Wordfence confirmed version 7.10.1 as the latest release; hence, this is the version that users should upgrade to.

LayerSlider is a popular WordPress plugin that helps developers build attractive websites without much coding. Its usefulness has earned it over 1,000,000 active installations, which, on the other hand, also hints at the massive security risk this plugin can pose if exploited. To prevent the threat, WordPress admins running this plugin should immediately update their sites with the latest release.
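A triage helper for admins, as an added example (not Wordfence's or the plugin developers' code): it checks an installed version against the affected range quoted above and scans web access logs for ls_get_popup_markup requests whose id is not a plain number. The combined log format and the sample lines are constructed; only query strings are inspected, so parameters sent in a POST body are out of scope.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Action name and version range are the ones quoted in the article.
ACTION = "ls_get_popup_markup"
AFFECTED_MIN, AFFECTED_MAX = (7, 9, 11), (7, 10, 0)

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines, using documentation IP ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [03/Apr/2024:09:14:02 +0000] "GET /wp-admin/admin-ajax.php?action=ls_get_popup_markup&id=12 HTTP/1.1" 200 4312
203.0.113.44 - - [03/Apr/2024:09:14:09 +0000] "GET /wp-admin/admin-ajax.php?action=ls_get_popup_markup&id=abc HTTP/1.1" 200 0
203.0.113.44 - - [03/Apr/2024:09:14:15 +0000] "GET /wp-admin/admin-ajax.php?action=ls_get_popup_markup&id%5Bk%5D=1 HTTP/1.1" 200 0
198.51.100.7 - - [03/Apr/2024:09:15:40 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat&id=abc HTTP/1.1" 200 58
"""


def is_affected_version(version):
    """True if a dotted version string falls in 7.9.11 through 7.10.0."""
    parts = tuple(int(p) for p in version.strip().split("."))
    parts += (0,) * (3 - len(parts))  # "7.10" is treated as 7.10.0
    return AFFECTED_MIN <= parts[:3] <= AFFECTED_MAX


def suspicious_popup_request(target):
    """True if the request calls the popup action with a non-numeric id."""
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    if ("action", ACTION) not in params:
        return False
    for key, value in params:
        # PHP also accepts array-style keys such as id[...]; those are
        # never a plain number, so they are flagged as well.
        if key == "id" or key.startswith("id["):
            if key != "id" or not re.fullmatch(r"[0-9]+", value):
                return True
    return False


def scan_log(text):
    """Return the 1-based numbers of log lines worth a closer look."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if match and suspicious_popup_request(match.group("target")):
            hits.append(number)
    return hits


if __name__ == "__main__":
    for version in ("7.9.10", "7.9.11", "7.10.0", "7.10.1"):
        print(version, "affected" if is_affected_version(version) else "not affected")
    print("suspicious log lines:", scan_log(SAMPLE_LOG))
```

A hit is a reason to review the site and confirm it runs 7.10.1, not proof of data theft.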


Kid Security app exposed children’s locations, messages & more

Kid Security, a popular parental control app with millions of downloads, has been found to leak sensitive information about children. The app, which is available on Android and iOS, exposed GPS locations, private messages, email addresses, IP addresses, and more. The data was accessible to anyone for over a year, security researchers at Cybernews discovered. The same team previously reported a data leak by Kid Security in November 2023.

Security researchers discover another data leak by Kid Security

Kid Security is a mobile app that parents can install on their children’s phones to track their locations, listen to their surroundings when away, limit screen times, control digital interactions, and more. Developed by a company headquartered in Kazakhstan, it works in tandem with another app called ‘Tigrow!’ to give parents full control over what their children do on their phones.

Unfortunately, poor security measures mean the app did more harm than good to its users. According to Cybernews, the developers of Kid Security “failed to configure authentication for their Kafka Broker Cluster.” This compromised sensitive data collected from minors’ phones. The leaked data included private messages from various chat apps, including Instagram, WhatsApp, Telegram, Viber, and Vkontakte.

The leak also exposed parents’ email addresses, IP addresses, lists of apps installed on phones and their usage statistics, audio recordings of minors’ environments, device locations, IMEI numbers, and other forms of data. The worst part is that anyone, including threat actors, could access the data. And not for a day or a week, but for a whole year, which is a massive security risk for parents and minors.

Information like email addresses, social media messages, IMEI numbers, and GPS locations are more than enough to pinpoint a user. Some leaked group chats had specific school names and class designations in the title, further enabling a threat actor to narrow down an individual. They could also use the Sound Around feature to listen to and record a kid’s surroundings without their knowledge.

The leak also impacted children who don’t use this app

This data leak also impacted children who don’t have Kid Security installed on their phones. Their messages sent to children with this app were exposed. This included group chats with the aforementioned specifics. The leak predominantly affected people in the Russian Federation, Eastern Europe, and the Middle East, though a substantial number of people from other regions also use the app.

Cybernews discovered this leak in February 2024. The cluster has been open since January 2023. Over this period, it had exposed over 100GB of information. The researchers observed the cluster for over one hour and received 456,000 private messages and app usage statistics from 11,000 phones. That’s a remarkably high volume of data compromised within an hour. Threat actors could use the information to launch more devastating attacks.

The publication reached out to the developers of Kid Security after discovering this leak. The company subsequently secured the cluster, but the damage was already done. Considering that the leak remained unpatched for over a year, the developers probably weren’t actively monitoring the cluster. A previous leak also exposed thousands of phone numbers, email addresses, and activity logs of the app’s users.
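The misconfiguration named above, a Kafka broker cluster without authentication, can be caught by auditing the broker's server.properties before deployment. The following is an added example, not Kid Security's or Cybernews' code; both sample configurations are constructed, and the finding codes are names chosen here.

```python
def parse_properties(text):
    """Parse key=value lines of a Java properties file (comments skipped)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def audit_broker(text):
    """Return (code, subject) findings for listeners that admit anyone."""
    props = parse_properties(text)
    findings = []

    # Listener name -> security protocol. A name that is not mapped is
    # taken to be the protocol itself (PLAINTEXT, SSL, SASL_PLAINTEXT, SASL_SSL).
    proto_map = {}
    for pair in props.get("listener.security.protocol.map", "").split(","):
        name, sep, proto = pair.partition(":")
        if sep:
            proto_map[name.strip().upper()] = proto.strip().upper()

    # With no `listeners` key the broker falls back to a PLAINTEXT listener.
    for entry in props.get("listeners", "PLAINTEXT://:9092").split(","):
        name = entry.split("://", 1)[0].strip().upper()
        proto = proto_map.get(name, name)
        if proto == "PLAINTEXT":
            findings.append(("NO_AUTH", name))            # no login, no TLS
        elif proto == "SSL":
            per_listener = f"listener.name.{name.lower()}.ssl.client.auth"
            mode = props.get(per_listener, props.get("ssl.client.auth", "none"))
            if mode.lower() != "required":
                findings.append(("NO_CLIENT_AUTH", name))  # TLS, but anyone may connect
        elif proto == "SASL_PLAINTEXT":
            findings.append(("AUTH_WITHOUT_TLS", name))   # login sent over cleartext
        elif proto != "SASL_SSL":
            findings.append(("UNKNOWN_PROTOCOL", name))

    # Without an authorizer no ACLs are enforced on topics.
    if not props.get("authorizer.class.name"):
        findings.append(("NO_AUTHORIZER", "authorizer.class.name"))
    if props.get("allow.everyone.if.no.acl.found", "false").lower() == "true":
        findings.append(("OPEN_WHEN_NO_ACL", "allow.everyone.if.no.acl.found"))
    return findings


# Constructed sample: a broker exposed with nothing but a listener address.
WEAK = """\
listeners=PLAINTEXT://0.0.0.0:9092
"""

# Constructed sample: SASL over TLS on the only listener, ACLs enforced.
HARDENED = """\
listeners=CLIENT://0.0.0.0:9093
listener.security.protocol.map=CLIENT:SASL_SSL
inter.broker.listener.name=CLIENT
sasl.enabled.mechanisms=SCRAM-SHA-512
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
allow.everyone.if.no.acl.found=false
"""

if __name__ == "__main__":
    print("weak:", audit_broker(WEAK))
    print("hardened:", audit_broker(HARDENED))
```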

If you or someone you know uses Kid Security, it might be a safer option to uninstall it and switch to some other parental control app. You should also remain vigilant regarding the safety of your kid as the leak could have compromised your data.



Oxycorat Android RAT Spotted on Dark Web Stealing Wi-Fi Pass

Cybersecurity experts have identified a new threat lurking in the shadows of the dark web, a Remote Access Trojan (RAT) known as Oxycorat.

This malicious software is specifically designed to infiltrate Android devices. Cybercriminals looking for a comprehensive toolkit to carry out various nefarious activities can purchase it.

The Threat at Hand

Oxycorat boasts an alarming array of features that pose significant risks to Android users.


According to the details, the RAT includes a file manager, an SMS manager, and a wallet stealer, which could give attackers access to sensitive financial information.

Additionally, it can manage WhatsApp messages, potentially exposing private conversations.

One of the most troubling capabilities of Oxycorat is its ability to act as ransomware, locking users out of their devices and demanding payment for access restoration.

It can also steal Wi-Fi passwords, leading to unauthorized access to private networks, further compromising personal data, and spreading the infection to other devices connected to the same network.

ThreatMon recently reported on Twitter that Oxycorat, a Remote Access Trojan (RAT) targeting Android devices, is currently available for purchase.

The sale and distribution of such malware are illegal and constitute a serious cybercrime.

Law enforcement agencies around the world are ramping up efforts to combat the proliferation of RATs like Oxycorat.

Cybersecurity experts are working closely with legal authorities to track down the creators and distributors of this RAT, mitigate its spread, and protect users from potential harm.

Impact on Android Users

The existence of Oxycorat on the dark web is a stark reminder of the persistent threats that Android users face.

While Android’s open ecosystem is beneficial for innovation and user choice, it can also make it more susceptible to such attacks.

Users are advised to remain vigilant, avoid downloading apps from untrusted sources, and update their devices with the latest security patches.

Preventative Measures

To safeguard against threats like Oxycorat, users should:

  • Install a reputable antivirus and anti-malware application on their devices.
  • Regularly update their operating system and apps to the latest versions.
  • Be cautious when granting app permissions, especially those that seem unnecessary for the app’s function.
  • Avoid clicking on suspicious links or downloading attachments from unknown sources.
  • Use strong, unique passwords for their Wi-Fi networks and change them periodically.

The discovery of Oxycorat is a reminder of the evolving landscape of cyber threats.

As cybercriminals become more sophisticated, so must the cybersecurity community and everyday users.

It is a collective effort to stay one step ahead of these threats, and awareness is the first line of defense.
