Corruption Ledger

A U.S. federal court jury has decided that Google’s Android app store has been protected by anti-competitive barriers that have damaged smartphone consumers and software developers, dealing a blow to a major pillar of a technology empire. The unanimous verdict reached Monday came after just three hours of deliberation following a four-week trial revolving around a lucrative payment system within Google’s Play Store. The store is the main place where hundreds of millions of people around the world download and…

Britain has issued more than 120 financial penalties to offshore companies that have failed to comply with transparency legislation designed to uncover illicit wealth hidden in the UK property market. The Register of Overseas Entities was created after Russia’s invasion of Ukraine to help the UK government crack down on oligarchs and other kleptocrats. Individuals that own British property through offshore vehicles had until the end of January 2023 to register such entities and publicly reveal their ownership at Companies…

Valve has reportedly fixed an HTML injection flaw in Counter-Strike 2 that was heavily abused today to inject images into games and obtain other players’ IP addresses. While initially thought to be a more severe Cross Site Scripting (XSS) flaw, which allows JavaScript code to be executed in a client, the bug was determined only to be an HTML injection flaw, allowing the injection of images. Counter-Strike 2 uses Valve’s Panorama UI, a user interface that heavily incorporates CSS, HTML,…

Cold storage and logistics giant Americold has confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by Cactus ransomware. Americold employs 17,000 people worldwide and operates more than 24 temperature-controlled warehouses across North America, Europe, Asia-Pacific, and South America. The April network breach led to an outage affecting the company’s operations after Americold forced it to shut down its IT network to contain the breach and “rebuild the impacted systems.” Americold also…

Toyota Financial Services (TFS) is warning customers it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack. Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing auto financing to its customers. Last month, the company confirmed that it detected unauthorized access on some of its systems in Europe and Africa, following a claim from Medusa ransomware about…

Genetic testing company 23andMe announced on Friday that hackers accessed around 14,000 customer accounts in the company’s recent data breach. In a new filing with the U.S. Securities and Exchange Commission published Friday, the company said that, based on its investigation into the incident, it had determined that hackers had accessed 0.1% of its customer base. According to the company’s most recent annual earnings report, 23andMe has “more than 14 million customers worldwide,” which means 0.1% is around 14,000. But the company…

  US Secretary of State Antony Blinken told Israel last month to use “smaller bombs” to limit civilian casualties in Gaza only to turn around a few weeks later and send the Israel Defense Forces over 100 2,000-pound bunker busters. From the New York Times on Nov 4: From The Wall Street Journal, Dec 1, “U.S. Sends Israel 2,000-Pound Bunker Buster Bombs for Gaza War”: The U.S. has provided Israel with large bunker buster bombs, among tens of thousands of other weapons…

Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. In a presentation at the Black Hat Europe security conference, researchers from the International Institute of Information Technology (IIIT) at Hyderabad said that their tests showed that most password managers for Android are vulnerable to AutoSpill, even if there is no JavaScript injection. How AutoSpill works Android apps often use WebView controls to render web content, such as login pages within…

Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents. Norton Healthcare serves adult and pediatric patients in more than 40 clinics and hospitals across Greater Louisville, Southern Indiana, and the Commonwealth of Kentucky. With over 20,000 employees, more than 1,750 employed medical providers, and over 3,000 total providers on its medical staff, Norton Healthcare is Louisville’s second-largest employer, with more than 140 locations throughout Greater Louisville and…

A French juvenile court on Friday convicted six teenagers for their roles in the beheading of a teacher by an Islamist extremist that shocked the country. Teacher Samuel Paty was killed outside his school in 2020 after showing his class cartoons of Islam’s Prophet Muhammad during a debate on free expression. The attacker, a young Chechen who had radicalized, was killed by police. The court found five of the defendants, who were 14 and 15 at the time of the…

TALLINN: Russian police have put prominent Russian-American journalist and author Masha Gessen on a wanted list after opening a criminal case against them on charges of spreading false information about the Russian army. It is the latest step in an unrelenting crackdown against dissent in Russiathat has intensified since the Kremlin invaded Ukraine more than 21 months ago, on Feb.24, 2022. The independent Russian news outlet Mediazona was the first to report Friday that Gessen’s profile has appeared on the…

US-based genomics scientist Kevin McKernan says he has lost an estimated US $200,000 worth of research data after his account on file hosting service MEGA was deleted overnight. It appears that McKernan’s account was deleted by MEGA in response to an urgent injunction granted to New Zealand’s (NZ) Ministry of Health (MOH) to prevent the sharing of anonymised data leaked by whistleblower Barry Young. Young, a 56-year-old database administrator and former employee of the MOH, leaked data from a ‘pay…

As Genetic testing provider 23andMe faces multiple lawsuits for an October credential stuffing attack that led to the theft of customer data, the company has modified its Terms of Use to make it harder to sue the company. In October, a threat actor attempted to sell 23andMe customer data and, after failing to do so, leaked the data for 1 million Ashkenazi Jews and 4.1 million people living in the United Kingdom. Threat actor leaking 23andMe data Source: BleepingComputer 23andMe told BleepingComputer that…

In a bid to counter the impact of U.S. sanctions, Iran and Cuba announced their commitment to enhancing relations during a joint statement in Tehran. Iranian President Ebrahim Raisi and Cuban counterpart Miguel Diaz-Canel emphasized the need for cooperation to counter the economic challenges posed by the sanctions imposed on both nations by the United States. Raisi highlighted the potential for neutralizing sanctions through the exchange of capacities between the two countries. “There is a serious determination between the two…

SINGAPORE – A co-founder of Cake DeFi, which operates a Singapore-based online platform that offers access to decentralised finance services and products, has filed for the company to be wound up. A winding up notice in The Straits Times on Dec 7 showed that the company’s co-founder and chief technology officer Chua U-Zyn, represented by law firm Rajah & Tann Singapore, had filed an application with the High Court on Dec 1. ST has contacted the group for comments. This development…

Academic researchers developed a new side-channel attack called SLAM that exploits hardware features designed to improve security in upcoming CPUs from Intel, AMD, and Arm to obtain the root password hash from the kernel memory. SLAM is a transient execution attack that takes advantage of a memory feature that allows software to use untranslated address bits in 64-bit linear addresses for storing metadata. CPU vendors implement this in different ways and have distinct terms for it. Intel calls it Linear Address Masking…