UpGuard has disclosed that it found Microsoft Power Apps portals "configured to allow public access." The researchers notified forty-seven organizations that their data were vulnerable to exposure. Some of the information at risk included "personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses." The issue involves misconfiguration as opposed to exploitation of a vulnerability. Users are addressing the misconfiguration.
A group calling itself Adalat Ali ("Justice of Ali") has posted video it says it obtained by compromising CCTV systems at Iran's Evin prison, Zero Day reports. Adalat Ali, which may be an Iranian dissident hacktivist group, says it wished to draw the world's attention to abusive conditions in Evin.
The US FBI yesterday warned of the activities of a ransomware gang styling itself the "OnePercent Group." The Record reports that the OnePercent Group is a criminal customer of ransomware-as-a-service operators. It is (or has been) a known affiliate of REvil, Egregor, and Maze.
"Mr. White Hat," as Poly Network refers to the hacker who looted cryptocurrency held by the DeFi provider, has now returned all of the more than $600 million stolen. Vice reports that Poly Network is now in the process of returning the holdings to their proper owners.
Digital Shadows offers a look at fraud, contention, and mutual exploitation in the cybercriminal underworld. The C2C market does function like a market, but a market with some very ugly corners.