Missouri Gov. Mike Parson launched a criminal investigation of a reporter who flagged a state website that exposed 100K+ Social-Security numbers for teachers and other state employees.

https://threatpost.com/missouri-prosecute-hacker-data-leak/175501/

Effective cyber-incident response means working well with legal. Matt Dunn, associate managing director for cyber-risk at Kroll, lays out how to do it.

https://threatpost.com/incident-response-infosec-legal-relationship/175461/

An anonymous user posted a link to a 125GB torrent to 4chan yesterday, containing all of Twitch’s source code, comments going back to its inception and more.

https://threatpost.com/twitch-source-code-leaked/175359/

The Compound cryptocurrency exchange accidentally botched a platform upgrade and distributed millions in free COMP tokens to users - then threatened to dox the recipients.

https://threatpost.com/compound-defi-platform-90m/175321/

A former medical records tech stole PII that was then used to fraudulently claim DoD and VA benefits, particularly targeting disabled veterans.

https://threatpost.com/transnational-fraud-military-members/175298/

A ‘nearly impossible to analyze’ version of the malware sports a bootkit and ‘steal-everything’ capabilities.

https://threatpost.com/finspy-surveillance-kit/175068/

Income level, education and being part of a disadvantaged population all contribute to cybercrime outcomes, a survey suggests.

https://threatpost.com/women-minorities-hacked/175038/

Digital privacy rights defenders contend that geofencing warrants grab data on everyone near a crime, without cause.

https://threatpost.com/google-controversial-geofence-warrants/174938/

“Time to find out who in your family secretly ran … [a] QAnon hellhole,” said attackers who affiliated themselves with the hacktivist collective Anonymous, noting that Epik had laughable security.

https://threatpost.com/epik-confirms-hack-data/174872/

Drivers bristle under constant surveillance by artificial-intelligence (AI) tech, but Amazon says it works and boosts safety.

https://threatpost.com/amazon-driver-surveillance-cameras/174843/

Citizen Lab urges Apple users to update immediately. The new zero-click zero-day ForcedEntry flaw affects all things Apple: iPhones, iPads, Macs and Watches.

https://threatpost.com/apple-emergency-fix-nso-zero-click-zero-day/169416/

Pro-Kurd Facebook profiles deliver ‘888 RAT’ and ‘SpyNote’ trojans, masked as legitimate apps, to perform mobile espionage.

https://threatpost.com/bladehawk-attackers-kurds-android/169300/

The privacy-touting, end-to-end encrypted email provider erased its site’s “we don’t log your IP” boast after France sicced Swiss cops on it.

https://threatpost.com/protonmail-log-ip-address-french-activist/169242/

The FTC’s first spyware ban nixes a company whose “slipshod” security practices led to exposure of thousands of victims’ illegally collected personal data.

https://threatpost.com/spyfone-ban-stalkerware-surveillance/169165/

@cerberus I’d be showing far greater concern for those elastic search databases being stored in unencrypted S3 buckets. Research and previous media reports show this area as the most common source of attack.

You have hundreds of “boutique” firms scraping LinkedIn data and storing it completely unsecured, and without addressing this elephant in the room, the problem will not subside - it will only get much worse.

Security researchers at Jamf discovered the XCSSET malware exploiting the vulnerability, patched in Big Sur 11.4, to take photos of people’s computer screens without their knowing.

https://threatpost.com/apple-patches-zero-day-flaw-in-macos-that-allows-for-sneaky-screenshots/166428/

Nearly all of the leaked data was for owners or wannabe owners of the automaker’s luxury brand of Audis, now at greater risk for phishing, ransomware or car theft.

https://threatpost.com/vw-data-3m-audi-drivers/166892/

A French court fined the furniture giant for illegal surveillance on 400 customers and staff.

https://threatpost.com/ikea-fined-spying-system/166991/