But that’s not all. Each week, we round up the security news we didn’t cover in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.
For the third time since 2010, spyware vendor mSpy has suffered a substantial data breach, this time exposing millions of customers and prospective users around the globe, many of whom appear to have used the software to snoop on others. The leaked trove, published by transparency group Distributed Denial of Secrets, contains potentially terabytes of data apparently stolen from mSpy’s customer support system, Zendesk. It reveals names, email addresses, customer support tickets and documentation, and more.
Unlike military-grade spyware, like NSO Group’s infamous Pegasus, mSpy is a consumer product that’s often marketed as a way for parents to keep tabs on their children’s phone usage. But its customer base isn’t necessarily limited to nosey parents. Among the data is evidence that US government entities at least inquired about using the software, including the Social Security Administration, Immigration and Customs Enforcement personnel, and a US federal judge. Given the amount of data exposed by the leak, expect more revelations to trickle out.
The Heritage Foundation—a right-wing think tank whose “Project 2025” plan for molding the US into what critics describe as an autocratic Christian nationalist state ruled by an Über President Donald Trump—suffered a minor cyberattack this week at the gloved hands of self-described “gay furry hackers.” The breach itself appears to have been fairly minor—2 gigabytes of data taken from a blog called the Daily Signal. Much of it was “useless,” according to “vio,” one of the hackers with the group SeigSec, which said it targeted the Heritage Foundation because “Project 2025 threatens the rights of abortion health care and LGBTQ+ communities in particular.” Still, the intrusion apparently irked Heritage columnist Mike Howell, whose alleged chat with “vio” was leaked and later shared by Howell. SeigSec, which previously targeted a US nuclear lab and NATO, now says it is disbanding.
Victims of ransomware attacks only have two choices, and both of them are bad: Refuse to pay the attackers and try to claw your way back without access to your systems and data, or pay up and hope they give you the decryption keys—and don’t leak your data anyway. CDK Global, which provides software to US car dealerships, seems to have picked the latter option. According to researchers at crypto tracing firm TRM Labs, CDK sent 387 bitcoin, worth around $25 million, to an account believed to be controlled by the BlackSuite ransomware gang. CDK has not confirmed the payment, but if accurate it would be at least the second major payment to ransomware gangs this year. In March, Change Healthcare paid a $22 million ransom to help end the disruption to medical facilities across the US. The problem with paying—besides costing a literal fortune—is that it can encourage more ransomware attacks. In fact, following Change Healthcare’s payment, researchers at security firm Recorded Future saw the largest spike in ransomware attacks targeting the health care industry in the four years that it has tracked the criminal activity. The catch, of course, is that paying can work: CDK indicated last week that nearly all of the 15,000 dealerships it works with are back online.
The US Department of Justice announced on Tuesday that US, Canadian, and Dutch authorities seized two domains used to operate a “bot farm” allegedly created by RT, the Russian state media organization, and operated by Russia’s Federal Security Service (FSB). The DOJ says it identified 968 social media accounts linked to the bot farm that were used to amplify RT content online. The RT bot farm was created in 2022, according to the DOJ, and commandeered by an FSB agent in 2023. It is unclear what impact the bot farm had, and the DOJ says its investigation is ongoing.
