Vulnerabilities

I wouldn’t expect that company to stay in business for much longer.

1 Like

OFFS! At least it’s only C&C info rather than an infection source, so far.

2 Likes

Yeah, but a lot of people will not understand that and go full “OMG, Bitcoin was hacked!”. Popcorn time.

1 Like

Speaking of vulnerabilities, there’s apparently a settlement in the works for the Yahoo! breach.

1 Like

Not a good look, Google: Pixel 4 mobes can be face-unlocked even if you’re asleep… or dead?

Oh dear, oh dear.

1 Like

Japanese hotel chain sorry that hackers may have watched guests through bedside robots

2 Likes

Messed Western: Vuln hunters say hotel giant’s Autoclerk code exposed US soldiers’ info, travel plans, passwords…

“Our team viewed highly sensitive data exposing the personal details of government and military personnel, and their travel arrangements to locations around the world, both past and future,” vpnMentor’s pseudonymous author “Guy Fawkes” said in a blog post on Monday. “This represented a massive breach of security for the government agencies and departments impacted.”
The researchers claim to have viewed logs for US army generals traveling to Moscow, Tel Aviv, and other destinations, among other sensitive details. And they also say they encountered unencrypted login details for connected services during their probes of the system.
Exposed reservations revealed customers’ full names, dates of birth, home addresses, phone numbers, dates and costs of travel, and masked credit card details. On some reservations, this included hotel guest check-in times and room numbers.

1 Like

A stranger’s TV went on spending spree with my Amazon account – and web giant did nothing about it for months

In short, it is possible to add a non-Amazon device to your Amazon customer account and it won’t show up in the list of gadgets associated with the profile. This device can quietly use the account even if the password is changed, or two-factor authentication is enabled.
Thus if someone can get into your account, and add their own gizmo to your profile, they can potentially persistently retain this access and continue ordering stuff using your payment cards, even if you seemingly remove all devices from your account, and change your login credentials.

6 Likes

If it sounds too good to be true, it most likely is: Nobody can decrypt the Dharma ransomware

1 Like

Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter

I’m not sure this is news…?

3 Likes

Chinese e-commerce site LightInTheBox.com bared 1.3TB of server logs, user data and more

And how does that even work? Were they honorable thieves who only made one copy?

2 Likes

I run my own email server, and create unique email addresses whenever I use an online shop. I just found a sextortion scam email in my inbox, sent to an address I’ve only ever given to Cafe Press. ETA: Ironically, though I created an account with them, I’ve never actually ordered anything.

Looks like they’ve been breached…

5 Likes