Data leaks, AI and ransomware topped the headlines in 2023 for SC Media
Ransomware, cloud leaks and AI — oh my! It was a year when both old and new cyber threats shared center stage, while cybersecurity teams also raced to meet creeping compliance deadlines.
Here is a roundup of 10 of SC Media’s most-viewed stories this year, including a mix of news, analysis and opinion, as well as “honorable mentions” that hit on the topics that mattered most to you.
1. 260K dating profiles leaked in publicly accessible ASW S3 storage
Sensitive data doesn’t get much more sensitive than the 340 GB of files leaked by an app called 419 Dating – Chat & Flirt. As we reported in July, a publicly accessible database was discovered in an Amazon Web Services S3 storage bucket by vpnMentor researcher Jeremiah Fowler, who believed the leak was most likely due to a misconfigured firewall. In addition to 260,000 user account email addresses, the database contained explicit photographs and Software Development Kit files for two other dating apps.
Honorable mentions – more on cloud security:
2. NPM software repository flooded with 15K phishing packages
This incident in February highlights dangers lurking in the open-source ecosystem. Thousands of software packages promising game cheats and increased followers on social media platforms like TikTok were uploaded to the NPM repository to lure users to phishing websites. Researchers from Checkmarx said they believed the phishing packages were distributed using an automated process and carried out through multiple user accounts, making it difficult to quickly detect and remove the malicious packages.
Honorable mentions – more on phishing:
3. Google details 0-click bug in Pixel 6 modem
This vulnerability — or rather, a combination of two critical vulnerabilities — could allow an adversary with the right resources to hijack a victim’s Android handset simply by initiating a phone call. Because the exploit relies on the ability to downgrade the Pixel 6’s cellular modem communication to 2G, the Android Red Team members who disclosed the bug at Black Hat in August recommended that all Android users disable 2G communication.
Honorable mentions – more on vulnerability management:
