New York Times Source Code, TikTok Zero-Day: Your Cybersecurity News Roundup
New York Times Source Code and Internal Data Leaked on 4chan
An anonymous 4chan user has claimed to have leaked 270GB of internal data belonging to The New York Times, encompassing source code, web assets, and potentially sensitive information. The leak reportedly stems from an exposed GitHub token, a security lapse that The New York Times has acknowledged occurred in January. Despite this breach, the newspaper asserts that its internal systems remain secure and operations unaffected.
This incident, unfortunately, isn’t isolated. It follows similar breaches targeting Disney and Ticketmaster, underscoring organisations’ escalating vulnerability to cyberattacks across various sectors. The frequency and severity of these breaches raise concerns about the efficacy of current cybersecurity measures and the need for heightened vigilance in safeguarding sensitive data.
TikTok Zero-Day Exploited to Takeover High-Profile Accounts
Several high-profile TikTok accounts, including those of CNN, Sony, and Paris Hilton, have fallen victim to a sophisticated cyberattack. This exploit leverages a zero-day vulnerability within TikTok’s direct messaging system, enabling hackers to seize account control without any action from the target beyond opening a malicious message.
TikTok has confirmed the breach and is actively working to mitigate the issue and assist affected users. However, the company remains tight-lipped about the specifics of the vulnerability and the full extent of the damage, raising concerns among users and cybersecurity experts alike.
This incident is particularly alarming due to the nature of the exploit, which doesn’t rely on traditional phishing tactics or user error. This breach is not an isolated incident for TikTok. The platform has faced numerous security challenges in recent years, including vulnerabilities that allowed for account takeovers and data theft. These recurring incidents cast a shadow over TikTok’s security practices and raise questions about the platform’s ability to protect its users’ data.
Eye Clinic Management Service Provider Suffers Ransomware Attack, Exposes 300,000
In a potentially devastating incident, a ransomware attack targeting Panorama Eyecare, a Colorado-based management service provider for eye clinics, has compromised the sensitive financial information of over 300,000 individuals. The breach, which occurred between May 22nd and June 4th, 2023, exposed data such as financial account numbers, credit/debit card numbers, security codes, access codes, passwords, and account PINs.
While Panorama Eyecare claims there is no evidence of misuse of the stolen data thus far, the potential for identity theft and financial fraud is significant. Adding to the concern, the notorious Russia-linked LockBit ransomware gang listed Panorama Eyecare as a victim on their dark website on July 15th, 2023, further solidifying suspicions that the data leak resulted from a ransomware attack.
