A significant data breach impacting around 165 companies has been linked to a suspected hacker who exploited Snowflake’s cloud storage services. Alexander “Connor” Moucka, the alleged perpetrator, was apprehended by Canadian authorities following a request from the US government. The stolen information, including customer data, is believed to have been offered for sale online. This incident highlights the vulnerabilities of cloud storage services and emphasizes the importance of robust security measures for safeguarding sensitive data. The breach has raised concerns about the security of cloud-based platforms and the potential for data theft, particularly within companies relying heavily on cloud services. It underscores the need for constant vigilance and proactive security measures to mitigate risks and protect sensitive data.
Security researchers discovered a critical zero-click vulnerability within Synology’s Photos app, impacting millions of users. This vulnerability allows attackers to compromise the system without any user interaction. The flaw resides in a part of the app that doesn’t require authentication, enabling direct exploitation over the internet. Attackers can gain root access and install malicious code, potentially turning the infected device into a botnet for further nefarious activities. Synology has addressed the bug, but users need to manually update their devices. This incident highlights the importance of regularly updating software to mitigate security risks and the growing threat of zero-click vulnerabilities.
A group of cybercriminals, dubbed “Phish ‘n Ships” by researchers, has infected over 1,000 legitimate web shops to create and promote fake product listings. The group targets in-demand products, creating fake online stores where consumers unwittingly provide their payment card information. These infected web shops redirect visitors to fake online stores, where they are presented with fake listings for popular items. Victims are then led to third-party payment processors controlled by the fraudsters, unknowingly providing their payment details. The group has been successful in manipulating search engine rankings, making their fake listings appear high in results. This sophisticated phishing scheme has caused estimated losses of tens of millions of dollars over the past five years.