A non-password-protected database that contained just under 100k records belonging to GenNomis by AI-NOMIS was discovered by cybersecurity researcher Jeremiah Fowler, who reported his findings to vpnMentor. GenNomis by AI-NOMIS is an AI company based in South Korea that provides face swapping and “Nudify” adult content as well as a marketplace where images can be bought or sold. The database was neither password-protected nor encrypted and contained 93,485 images and JSON files, 47.8 GB of data in total. A sample of the exposed records included a slew of pornographic images, some of which appeared to depict AI-generated pictures of ‘very young…
Kirsten Doyle
Security researchers at ThreatFabric have uncovered Crocodilus, a new and highly capable mobile banking Trojan that features modern attack techniques, including remote control, black screen overlays, and advanced data harvesting via accessibility logging. During routine threat-hunting operations, analysts identified these previously unseen malware samples. Dubbed “Crocodilus” after references left by its developers (who call it “Crocodile”), this Trojan exhibits all the hallmarks of a modern banking malware: overlay attacks, keylogging, remote access, and hidden control capabilities. ThreatFabric’s initial analysis revealed that Crocodilus seems to be mainly targeting financial institutions in Spain and Turkey, as well as several cryptocurrency wallets. However,…
Elon Musk’s social media platform, X, has once again made headlines—for all the wrong reasons. Following reports of xAI’s $33B purchase of X, claims of bad actors being behind platform outages, and X password scams targeting users, another concerning development has emerged. A data enthusiast called ThinkingOne has released a database allegedly containing details of around 200 million X user records. Here’s what we know so far. X Vulnerability Exploited to Access User Data The origins of this breach date back to January 2022, when Twitter, as it was then known, identified a vulnerability through its bug bounty program. This flaw…
iOS apps that cater to sugar dating, BDSM, and LGBTQ+ communities – where privacy is critical – have leaked highly sensitive content, putting users of these apps at risk. Cybernews researchers discovered that apps from BDSM People, CHICA, TRANSLOVE, PINK, and BRISH had publicly accessible secrets published together with the apps’ code, including API keys, passwords, and encryption keys. It is highly dangerous to expose these, as credentials in client applications are accessible to anyone, and can be abused by malicious actors to gain a foothold on systems. In this instance, the most dangerous of leaked secrets granted access to…
A new cybersecurity report from Forescout Technologies has unveiled significant vulnerabilities in solar power systems that could potentially destabilize power grids and compromise consumer data privacy. The report, titled “SUN:DOWN – Destabilizing the Grid via Orchestrated Exploitation of Solar Power Systems,” details several key findings: According to Barry Mainz, Forescout CEO, “The collective impact of residential solar systems on grid reliability is too significant to ignore – hospitals could lose access to critical equipment, families could go without heat in the winter or AC in a heatwave, and businesses could shut down. Threat actors increasingly target critical infrastructure, making it…
The Qualys Threat Research Unit (TRU) has uncovered three security bypasses in Ubuntu’s unprivileged user namespace restrictions. Researchers disclosed these vulnerabilities to the Ubuntu Security Team on 15 January this year and have been working with them ever since. Researchers found three distinct bypasses of these namespace restrictions, each of which would allow bad actors to create user namespaces with full administrative capabilities. “These bypasses facilitate exploiting vulnerabilities in kernel components requiring powerful administrative privileges within a confined environment. The restrictions on unprivileged user namespaces were initially introduced in Ubuntu 23.10 and enabled by default in Ubuntu 24.04,” Qualys explained. The…
Cybersecurity analyst Jeremiah Fowler has discovered an unprotected Amazon S3 database that wasn’t encrypted or password protected and contained some 27,000 records. The records included highly personal information such as driver’s licenses, Medicaid cards, work statements, and bank statements that held account numbers and partial credit card numbers. The name of the database and the internal file names suggest that the database was owned by Australian fintech company Vroom by YouX (formerly Drive IQ). In addition, Fowler discovered an internal screenshot that showed another instance of MongoDB storage with 3.2 million documents. However, he did not examine its content and…
A new ransomware gang, Arkana Security, is claiming responsibility for an enormous breach at WideOpenWest (WoW), one of the largest cable operators and ISPs in the US. The malicious actors boasted they had full backend control and even put a music video montage together to illustrate exactly how much access they had. Threat researchers from Hudson Rock traced the origins of the attack to an infostealer infection back in September last year. It has allegedly compromised over 403,000 records, including names, emails, passwords and other data, and an additional file allegedly containing 2.2 million records. It has also given the malefactors…
Despite Oracle’s denial of a breach affecting its Oracle Cloud federated SSO login servers, Bleeping Computer has confirmed with multiple companies that data samples shared by the threat actor are authentic. Recently, a threat actor, “rose87168,” claimed to be selling six million records, including sensitive account data, on dark web forums. CloudSEK’s investigation suggests the breach may have exploited a known security flaw, possibly allowing unauthorized access and data exfiltration. The vulnerable Oracle Cloud subdomain has subsequently been removed. Oracle dismissed the claims, although cybersecurity firm CloudSEK and independent researchers found evidence supporting the breach. As further proof, the…
A powerful new attack tool, Atlantis AIO, is making it easier than ever for cybercrooks to access online accounts. Designed to perform credential stuffing attacks automatically, Atlantis AIO enables hackers to test millions of stolen usernames and passwords in rapid succession. In new research, Abnormal Security has described how, by offering pre-configured modules to target a wide range of platforms—especially email providers—this tool allows attackers to take over accounts with minimal effort. Credential stuffing remains one of the most common cyber threats today. It exploits a common security vulnerability: people reusing the same passwords across multiple websites. Cyber attackers exploit…
