But that’s not all. Every week, we round up the security news we didn’t cover in depth. Click on the headlines to read the full stories. And stay safe.
For the third time since 2010, spyware provider mSpy has suffered a major data breach, this time exposing millions of customers and potential users around the world, many of whom appear to have used the software to spy on others. The leaked find, published by transparency group Distributed Denial of Secrets, contains potentially terabytes of data apparently stolen from mSpy’s customer support system, Zendesk. It reveals names, email addresses, customer support tickets and documentation, and much more.
Unlike military-grade spyware like NSO Group’s infamous Pegasus, mSpy is a consumer product often marketed as a way for parents to monitor their children’s phone use. But its customer base isn’t necessarily limited to curious parents. There’s evidence in the data that at least U.S. government entities have inquired about the software’s use, including the Social Security Administration. Immigration and Customs Enforcement personnel and a U.S. federal judgeGiven the amount of data exposed by the leak, it is to be expected that more revelations will emerge.
The Heritage Foundation, a right-wing think tank whose “Project 2025” plan to transform America into what it once was, Critics describe it as An autocratic Christian nationalist state ruled by a super-president, Donald Trump, suffered a minor cyberattack this week at the gloved hands of self-described “hairy gay hackers.” The breach itself appears to have been fairly minor: 2 gigabytes of data. Taken from a blog called Daily SignalMuch of this was “useless,” as “saw,” one of the hackers from the SeigSec group, who said he targeted the Heritage Foundation because “Project 2025 threatens abortion health care rights and LGBTQ+ communities in particular.” Still, the intrusion apparently upset Heritage columnist Mike Howell, whose alleged conversation with “saw” was filtered out and then shared by Howell. SeigSec, which previously targeted a US and NATO nuclear laboratory, Now he says he is dissolving.
Victims of ransomware attacks have only two options, and both are bad: refuse to pay the attackers and try to get back to normal without accessing their systems and data, or pay up and hope they give them decryption keys (and not leak their data anyway). CDK Global, which provides software to US car dealers, appears to have chosen the latter option. According to researchers at cryptocurrency tracking firm TRM Labs, CDK sent 387 bitcoins, worth about $25 million, to an account believed to be controlled by the BlackSuite ransomware gang. CDK hasn’t confirmed the payment, but if accurate, it would be at least the second major payment to ransomware gangs this year. In March, Change Healthcare paid a $22 million ransom to help end the disruption of medical facilities across the US. The problem with paying up, aside from costing a literal fortune, is that it may encourage more ransomware attacks. In fact, following the Change Healthcare payment, researchers at security firm Recorded Future observed the largest increase in ransomware attacks targeting the healthcare industry in the four years it has been tracking criminal activity. The trick, of course, is that paying can work: CDK indicated last week that almost all of the 15,000 dealers it works with are operational again.
The United States Department of Justice Announced On Tuesday, U.S., Canadian and Dutch authorities seized two domains used to operate a “bot farm” allegedly created by RT, the Russian state media organization, and operated by Russia’s Federal Security Service (FSB). The Justice Department says it identified 968 social media accounts linked to the bot farm that were used to amplify RT content online. The RT bot farm was created in 2022, according to the Justice Department, and was seized by an FSB agent in 2023. It’s unclear what impact the bot farm had, and the Justice Department says its investigation is ongoing.
