Hackers are exploiting a two-year-old VMware vulnerability as part of a ransomware campaign targeting thousands of organizations worldwide
Zack Whittaker
@zackwhittaker
Security editor • +1 646.755.8849 • he/him • zack.whittaker@techcrunch.com • mastodon.social/@zackwhittaker
Zack Whittaker’s Tweets
New: A New York-based 'stalkerware' maker has agreed to notify individuals whose phones were compromised by its mobile surveillance software, including PhoneSpector and Highster, following a deal with the New York attorney general's office.
NEW: We obtained a private intelligence report on the hackers known as "0ktapus" or "Scattered Spider."
After hitting 130 companies last year, the hackers are still active as of January, targeting Riot Games, Roblox, Salesforce, and Mailchimp and others.
New: The U.S. Treasury says it's aware of a ransomware attack targeting Ion Group, a financial tech giant whose software is used by banks around the world. tcrn.ch/3WWHau7 by
NEW: Hackers hijacked the Coinbase account of a Google Fi customer.
An interesting attack that's hard to explain right now. The hackers didn't take control of the Google account tied to the Fi account, but somehow took control of the phone number.
New: FTC has slapped GoodRx with a $1.5M penalty for sharing consumers' sensitive health information — including medications and health conditions — with advertisers like Facebook and Google, and ordered GoodRx to stop. w/ .
After twenty years, the ubiquitous, storied Stripperweb forum is shutting down on February 1. No one knows why.
I wrote about how the community has come together to archive their collective history and attempt to track down the forum's elusive owner.
Google Fi says hackers accessed customer data, including phone numbers and SIM details, during data breach that's likely related to the recent T-Mobile hack
New: Taiwanese auto giant Hotai Motor exposed a massive database of iRent customer data for months, including thousands of ID documents. There was no password on the database. w/
NEW: Russia is blocking Skiff, an encrypted email and cloud services provider.
The blocking is done by Internet Service Providers following an order of a (so far) unknown Russian government agency.
I looked at a bunch of court records to learn more about how police in the U.S. use digital data to prosecute abortions. Here’s what I found.
US announces it seized Hive ransomware gang’s leak sites and decryption keys
Have you recently made a purchase through one of these knockoff apparel online stores? Your credit card may have been exposed.
New: If you bought knock-off designer goods or apparel from these online stores, you might want to get yourself a new credit card.
A database of 330,000 unencrypted customer credit card numbers and cardholder information exposed, thanks to no password.
NEW: The FBI accused North Korean government hackers Lazarus Group and APT38 of being behind last year's hack of blockchain bridge Horizon, which netted the hackers $100 million.
LastPass owner GoTo says hackers stole customers’ encrypted backups during a recent breach of its systems
New: A hack at ODIN Intelligence, which provides tech and apps — like SweepWizard — to police departments, has exposed a huge trove of police files, including tactical plans of police raids, surveillance, and use of facial recognition.
NEW: T-Mobile got hacked, again. It's the eighth time since 2018.
techcrunch.com/2023/01/19/t-m
Mailchimp was hacked — again, its second breach in six months.
Royal Mail has confirmed that a "cyberattack" is responsible for disruption to overseas post, which continues into a second week
New: A government watchdog spent $15,000 building a password-cracking rig capable of unscrambling thousands of government employee passwords in a matter of minutes.
~ Personal news ~
I am joining TechCrunch to work with and the rest of the team covering the usual beats of cybersecurity, hacking, surveillance and privacy.
I'm really excited and look forward to being back on the beat starting Jan. 17.
A file on SpyTrac's server contained AWS keys linked to cloud storage associated with Support King and GovAssist, both run by CEO Scott Zuckerman.
Zuckerman denied links to SpyTrac, but couldn't explain how his AWS keys were found on SpyTrac's servers.
After the FTC's ban in 2021, Support King shut down its stalkerware app SpyFone. A year on, the app is back in all but name only, according to internal data we've seen.
Shortly after we contacted its CEO for comment, SpyTrac's website went offline.
More: tcrn.ch/3uWE2CO
New: In 2021, the FTC banned SpyFone and its parent company Support King from the surveillance industry.
But new data seen by TechCrunch links Support King to a new phone spying operation called SpyTrac, which has compromised over 1.3 million devices.
Bellingcat Discord member Sepulco geolocated the video Elon Musk posted overnight, claiming to show a stalker, which he used to justify the banning of accounts that tracked flights. It's at 34.116175,-118.160635, not close to any airports.
google.com/maps/@34.11613
Two weeks ago, LastPass confirmed it was hacked for the second time this year and that customers' information was accessed.
TechCrunch has analyzed and marked-up LastPass' data breach notice to explain what LastPass is, and isn't telling customers.
Case in point: DOJ charged Joshua Laing, 32, of running the alleged booter service "TrueSecurityServices[.]io" between 2014 and November 2022.
However, that domain — and several others — are still active and operational and have no seizure notices.
More: tcrn.ch/3ByyQZN
Well this is embarrassing. Several of the illegal DDoS-for-hire websites seized by the FBI are still loading and appear operational, a day after the DOJ filed charges against six defendants accused of running the services.
If you really want to geek out, you can follow along with the 🖍️ links in the story, which correspond with my marked up notes.
New: Two weeks ago, LastPass said it was hacked for a second time this year. This time an intruder gained access to customers' information.
I parsed LastPass' data breach notice to explain what LastPass is and isn't saying, and how it impacts users.
Apple says it's aware of exploitation targeting iPhone users running "versions of iOS released before iOS 15.1."
But by who? Google TAG, which investigates nation state spyware and hacking, discovered the flaw. That's a big clue as to who's exploiting it.
New: Apple says an iPhone software update it released two weeks ago, iOS 16.1.2, contains a security fix for a WebKit zero-day flaw that is being "actively exploited."
Apple also released the security fix for those still running iOS 15.
#Xnspy is one of many so-called #stalkerware apps sold under the guise of allowing a parent to monitor their child’s activities, but are explicitly marketed for spying on a spouse or domestic partner’s devices without their permission
Xnspy, like a lot of stalkerware, is a hot mess of security flaws. It's not really a surprise that TechCrunch was sent a cache of internal Xnspy data — data that exposed its developers, who had made a concerted effort to conceal their involvement.
Xnspy spied on 60,000+ devices globally — mostly Android devices, but data we've seen also contained over 10,000 iCloud account passwords for accessing iCloud backups. Given the possibility of ongoing risk to victims, TechCrunch provided the list of compromised accounts to Apple.