Hackers Exploit End-of-Life SonicWall Appliances to Steal Sensitive Data

2025-07-18

Google's Threat Intelligence Group (GTIG) and Mandiant have uncovered an ongoing campaign leveraging vulnerabilities in end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances to steal sensitive data. The threat actor, UNC6148, uses previously stolen credentials and OTP seeds to regain access even after security updates. A backdoor called OVERSTEP modifies the boot process for persistent access, credential theft, and malware concealment. While potentially linked to the Abyss ransomware gang, the attackers' motives and victim count remain unclear. SonicWall has released an update advising users to reset OTP bindings.

Tech

Meta Hit With €5,000 Fine for Tracking Pixels, Opens Door to Massive GDPR Lawsuits

2025-07-10

A German court ordered Meta to pay €5,000 to a user for embedding tracking pixels on third-party websites without consent, violating the GDPR. This ruling sets a precedent, potentially opening the floodgates for mass lawsuits against Meta. The court stated that individual users don't need to prove specific damages to sue. Meta's practice of using tracking technology to profile users and generate billions in profit was deemed a massive violation of European data protection law. Experts warn this decision could significantly impact websites and apps using similar tracking technologies, with potential class-action lawsuits posing a serious financial and operational threat to Meta.

Tech

Columbia University Hit by Hacktivist Data Breach: 2.5 Million Applicant Records Compromised

2025-07-03

Columbia University suffered a significant data breach, with a hacktivist claiming responsibility for stealing 460GB of data, including details from 2.5 million student applications spanning decades. The hacker, allegedly motivated by a political agenda, targeted information on applicant acceptance/rejection, citizenship, ID numbers, and academic programs. While the university has engaged a cybersecurity firm and claims no recent malicious activity, the full extent of the breach, which also included employee and applicant Social Security numbers, remains under investigation and could take months to determine.

Tech hacktivism

Abracadabra Finance Suffers $13M Crypto Hack; Tornado Cash Connection?

2025-04-08

Decentralized finance (DeFi) platform Abracadabra Finance was hit with a hack resulting in the loss of approximately $13 million in cryptocurrency. The attack targeted the platform's isolated lending markets, known as "cauldrons." The exploit went undetected until the attacker executed multiple transactions. Abracadabra Finance is investigating with security firms and is offering a 20% bounty on the stolen funds. Some security firms link the attack to decentralized exchange GMX, though GMX denies involvement. Investigators suspect the funds used in the attack originated from Tornado Cash, recently desanctioned by the US Treasury.

Tech

EU Unveils ProtectEU: A New Internal Security Strategy

2025-04-02

The European Commission launched ProtectEU, a new internal security strategy addressing evolving threats. Key aspects include bolstering Europol into a fully operational police agency, tackling lawful access to data and encryption (a controversial move), and improving intelligence sharing via the EU's Single Intelligence Analysis Capacity (SIAC). The strategy acknowledges existing shortcomings in situational awareness and implementation of cybersecurity laws. Success hinges on member states' political will and cooperation, given the historically sovereign nature of national security matters.


FTC Warns: 23andMe Sale Must Honor Privacy Promises

2025-04-01

FTC Chair Andrew Ferguson warned the Department of Justice that any purchaser of 23andMe must uphold its existing privacy policy protecting users' genetic and other data. The FTC highlights 23andMe's promises: user control over data, the ability to delete data, and assurances against sharing data with insurers, employers, or law enforcement without legal warrants. Ferguson emphasizes that these promises, explicitly stated in 23andMe's privacy policy, must be honored even in bankruptcy, given the sensitive and immutable nature of genetic data. The FTC stresses the importance of consumer trust in data protection.


Ransomware Payments Plummet 35%, Signaling Ecosystem Collapse?

2025-02-07

A new report by Chainalysis reveals a 35% drop in ransomware payments in 2023, from $1.25 billion to $812.55 million. This significant decline, largely concentrated in the second half of the year, is attributed to law enforcement crackdowns on major ransomware groups like LockBit and the exit scam by AlphV/BlackCat, eroding victim trust in paying ransoms. Despite this, ransomware attacks remain prevalent, with critical infrastructure still under significant threat.

Tech

Pro-Ukraine Hackers Hit Russia's Biggest State Procurement Platform

2025-01-16

A pro-Ukraine hacking group, Yellow Drift, claimed responsibility for a cyberattack on Roseltorg, Russia's largest electronic trading platform for government and corporate procurement. The group allegedly deleted 550 terabytes of data. While Roseltorg initially attributed the outage to maintenance, it later confirmed the attack, stating that data and infrastructure have been restored. The attack impacted major Russian corporations and government agencies, including the Ministry of Defense and Roskomnadzor. This incident highlights the ongoing cyberwar between Russia and Ukraine and the potential disruptive impact of cyberattacks on critical infrastructure.
