Data associated with about 106 million credit card users and applicants, mostly in the United States and Canada, were exposed in a breach said to have been committed by a Seattle-area woman, Paige A. Thompson, Capital One has disclosed. Ms Thompson was arrested yesterday on a charge of computer fraud and abuse. It's thought she obtained access to the data (held in a cloud) through a misconfigured firewall.
Wind River addressed eleven zero-day flaws in its VxWorks product. A detailed account of the patches and mitigations may be found here. VxWorks is used in over two-billion industrial, medical and enterprise devices. Armis Labs, which discovered and disclosed the flaws to Wind River, calls VxWorks "the most widely used operating system you may never have heard of." Six of the zero-days were critical remote code execution flaws, according to Armis Labs' report.
Synology has warned users to protect themselves against a ransomware campaign that's brute-forcing credentials in its Network Attached Storage product. Naked Security reports that Synology isn't the only NAS vendor whose products are affected.
Last week Facebook clapped a stopper over some "coordinated inauthentic activity" in Russia, Ukraine, Thailand, and Honduras.
A self-proclaimed hacker has told the Los Angeles Police Department he's got data on some 2500 police officers and about 17 thousand recruits, according to Information Security Magazine. NBC4 Los Angeles says the police union is very unhappy. The incident remains under investigation.
A High Court ruling in the UK rejects a challenge to the Investigatory Powers Act.