Security Firm Behind iPhone Unlocking Finally Discovered

The security firm that unlocked the iPhone of the San Bernardino shooter has been unveiled, and it’s an Australian company called Azimuth.

Azimuth is a poster child for “white hat” hacking, experts say, which is good-guy cybersecurity research that aims to disclose flaws and disavows authoritarian governments. Two Azimuth hackers teamed up to break into the San Bernardino iPhone, according to the people familiar with the matter, who like others quoted in this article, spoke on the condition of anonymity to discuss sensitive matters.

An interesting story, especially with the connection to Corellium.

Clubhouse API Open to Scraping Public User Data

On Saturday, a SQL database containing data of 1.3 million Clubhouse users was posted on a hacker forum. The data included names, user IDs, social media profile names, and other details.

While the data associated with the Clubhouse user base was not acquired as a result of a breach, allowing ‘anyone with an API’ to download public Clubhouse profile information on a mass scale can backfire. For example, data scraping is often used by spammers and phishers to find new victims: they aggregate public contact details and use them for spam lists, robocalls, or social engineering attacks.

It’s not sensitive data but it can be combined with other data hoards that may have sensitive data. Every little scrap of data, while innocent on their own, can be potentially used against you, whether from advertisers or hackers.

LinkedIn Data Leak of 500 Million People Sold Online

Just days after a Facebook data leak was discovered, security researchers found another one, this time involving LinkedIn. It affects a similar amount of users, 500 million, with data being sold on a “popular hacker forum.”

The leaked files appear to only contain LinkedIn profile information – we did not find any deeply sensitive data like credit card details or legal documents in the sample posted by the threat actor. With that said, even an email address can be enough for a competent cybercriminal to cause real damage.

Facebook Leaks Data of 553 Million People Like Phone Numbers

The personal data of 553 million Facebook users was posted in a hacking forum over the weekend. Data includes phone numbers, full names, locations, email addresses, and other information.

While it’s a couple of years old, the leaked data could prove valuable to cybercriminals who use people’s personal information to impersonate them or scam them into handing over login credentials, according to Alon Gal, the chief technology officer of the cybercrime intelligence firm Hudson Rock, who discovered the trough of leaked data on Saturday.

Facebook PR has been downplaying the leak, saying it’s “only” two years old. But for most people, their phone number, email addresses, and full names probably haven’t changed in that time.

NSA Wants to Spy on Americans Because Reasons

U.S. government servers have been getting hacked left and right. In response, the NSA wants us to think that approval of domestic spying will solve the problem, despite suffering an egregious hack in 2016 where its zero-day exploits were stolen.

“We truly need to look at the ability for us to see ourselves and right now it’s difficult for us to see ourselves,” Nakasone testified on Thursday to the Senate Armed Services Committee. Adversaries like China and Russia “are operating with increased sophistication, scope [and] scale, including operations that can end “before a warrant can be issued,” he warned.

Facebook Introduces Security Keys for Two-Factor Authentication

Facebook announced on Thursday that it now supports two-factor authentication authentication for security keys on its mobile apps.

Physical security keys — which can be small enough to fit on your keychain — notify you each time someone tries accessing your Facebook account from a browser or mobile device we don’t recognize. We ask you to confirm it’s you with your key, which attackers don’t have.

Dropbox Passwords Rolls Out to All Users in April

Dropbox Passwords launched in 2020 for paid users to manage their passwords. Now the company has announced it will be available to free users in April. You can sign up here to be notified of its release.

Dropbox Basic users will be able to store up to 50 passwords in Dropbox Passwords and have them automatically sync with up to three devices. It will also be possible to share passwords securely with anyone eventually, but this is a feature Dropbox is still working on and isn’t available yet.

I think it’s interesting that Dropbox came out with a password manager, but you can find far better ones for free with less limitations, like Bitwarden.

Molson Coors Production Grinds to Halt From Cyberattack

Molson Coors has revealed in its regulatory filing it suffered a cyberattack, and production has come to a halt.

Molson Coors experienced a systems outage that was caused by a cybersecurity incident. We have engaged a leading forensic IT firm to assist our investigation into the incident and are working around the clock to get our systems back up as quickly as possible.

Not even our beer is safe. One likely candidate is some kind of ransomware.

Dashlane Reveals New Password Changer and Autofill Engine

Dashlane announced on Thursday a redesign of its Password Changer, as well as a new autofill engine powered by machine learning.

Password Changer seamlessly logs users into compatible websites, generates strong, unique passwords, then changes the passwords for those sites on the user’s behalf in one-click.

Interested persons can sign up to test the beta versions of Dashlane with these new features using this website.

Verkada Security Breach Exposes 150,000 Surveillance Cameras

Hackers have breached the systems of Verkada, a startup that sells security cameras. The group says it was done to expose how widespread video surveillance is.

A person with knowledge of the matter said Verkada’s chief information security officer, an internal team and an external security firm are investigating the incident. The company is working to notify customers and set up a support line to address questions, said the person, who requested anonymity to discuss an ongoing investigation.