A study by IntSights sketches the criminal-to-criminal market, and why it exists in the first place. True vertical integration is as rare in the underworld as it is in legitimate markets. No gang is likely to be able to do it all, hence the emergence of affiliate programs, initial access brokers, and so on.
The RansomEXX gang, recently active against targets in many countries, is threatening to leak sensitive information it stole during its ongoing extortion of hardware manufacturer Gigabyte, Computing reports.
Varonis has found exposed Salesforce Communities accessible to the Internet. The exposures are the result of misconfigurations; the data at risk includes such things as "customer lists, support cases, and employee email addresses."
The US continues its efforts to persuade friendly governments to avoid Huawei-manufactured equipment. Reuters describes a recent US approach to Brazil, during which the US observed that Huawei's supply chain difficulties would end up with it leaving Brazil's telecommunications infrastructure "high and dry." China's embassy in Brazil has protested what it characterized as American "smears" and "coercion."
Mexican prosecutors continue to investigate their country's corner of the NSO scandal, seeking to determine who authorized using Pegasus intercept tools against ordinary citizens and government critics. Reuters reports that so far there's no joy: they've come up with no arrests and prompted no firings.
It's Patch Tuesday; expect fixes to be issued throughout the day.