Experts warn that virtual private networks are increasingly vulnerable to leaks and attack.

https://threatpost.com/vpn-exposes-data-1m/175612/

Missouri Gov. Mike Parson launched a criminal investigation of a reporter who flagged a state website that exposed 100K+ Social-Security numbers for teachers and other state employees.

https://threatpost.com/missouri-prosecute-hacker-data-leak/175501/

Effective cyber-incident response means working well with legal. Matt Dunn, associate managing director for cyber-risk at Kroll, lays out how to do it.

https://threatpost.com/incident-response-infosec-legal-relationship/175461/

An anonymous user posted a link to a 125GB torrent to 4chan yesterday, containing all of Twitch’s source code, comments going back to its inception and more.

https://threatpost.com/twitch-source-code-leaked/175359/

The Compound cryptocurrency exchange accidentally botched a platform upgrade and distributed millions in free COMP tokens to users - then threatened to dox the recipients.

https://threatpost.com/compound-defi-platform-90m/175321/

A former medical records tech stole PII that was then used to fraudulently claim DoD and VA benefits, particularly targeting disabled veterans.

https://threatpost.com/transnational-fraud-military-members/175298/

A ‘nearly impossible to analyze’ version of the malware sports a bootkit and ‘steal-everything’ capabilities.

https://threatpost.com/finspy-surveillance-kit/175068/

Income level, education and being part of a disadvantaged population all contribute to cybercrime outcomes, a survey suggests.

https://threatpost.com/women-minorities-hacked/175038/

Digital privacy rights defenders contend that geofencing warrants grab data on everyone near a crime, without cause.

https://threatpost.com/google-controversial-geofence-warrants/174938/

“Time to find out who in your family secretly ran … [a] QAnon hellhole,” said attackers who affiliated themselves with the hacktivist collective Anonymous, noting that Epik had laughable security.

https://threatpost.com/epik-confirms-hack-data/174872/

Drivers bristle under constant surveillance by artificial-intelligence (AI) tech, but Amazon says it works and boosts safety.

https://threatpost.com/amazon-driver-surveillance-cameras/174843/

Citizen Lab urges Apple users to update immediately. The new zero-click zero-day ForcedEntry flaw affects all things Apple: iPhones, iPads, Macs and Watches.

https://threatpost.com/apple-emergency-fix-nso-zero-click-zero-day/169416/

Pro-Kurd Facebook profiles deliver ‘888 RAT’ and ‘SpyNote’ trojans, masked as legitimate apps, to perform mobile espionage.

https://threatpost.com/bladehawk-attackers-kurds-android/169300/

The privacy-touting, end-to-end encrypted email provider erased its site’s “we don’t log your IP” boast after France sicced Swiss cops on it.

https://threatpost.com/protonmail-log-ip-address-french-activist/169242/

The FTC’s first spyware ban nixes a company whose “slipshod” security practices led to exposure of thousands of victims’ illegally collected personal data.

https://threatpost.com/spyfone-ban-stalkerware-surveillance/169165/

Security researchers at Jamf discovered the XCSSET malware exploiting the vulnerability, patched in Big Sur 11.4, to take photos of people’s computer screens without their knowing.

https://threatpost.com/apple-patches-zero-day-flaw-in-macos-that-allows-for-sneaky-screenshots/166428/

Nearly all of the leaked data was for owners or wannabe owners of the automaker’s luxury brand of Audis, now at greater risk for phishing, ransomware or car theft.

https://threatpost.com/vw-data-3m-audi-drivers/166892/

Decision throws out previous ruling in favor of hiQ Labs that prevented Microsoft’s business networking platform to forbid the company from harvesting public info from user profiles.

https://threatpost.com/court-linkedin-data-scraping/166927/

A French court fined the furniture giant for illegal surveillance on 400 customers and staff.

https://threatpost.com/ikea-fined-spying-system/166991/