Toyota disclosed Friday that attackers had accessed customer sales data on its servers in Japan, ZDNet reports. There's no attribution yet, but speculation has turned toward Vietnamese threat group APT32. Infosecurity Magazine says that Toyota's operations in Vietnam may also have been hit.
As risk of Magento e-commerce software exploitation rises, BankInfo Security and others recommend immediate patching. Threatpost has a summary of available fixes.
ZDNet reports the Russian government has served ten VPN providers with notice that they have thirty days to connect their services to a government blacklist of forbidden sites or cease operations. Of the ten providers Moscow's communications authority Roskomnadzor put on notice (NordVPN, Hide My Ass, Hola VPN, OpenVPN, VyprVPN, ExpressVPN, TorGuard, IPVanish, Kaspersky Secure Connection, and VPN Unlimited) four (TorGuard, VyprVPN, OpenVPN, and NordVPN) have already stated their intention of exiting the Russian market rather than comply.
Facebook CEO Zuckerberg has an op-ed in the Washington Post in which he asks governments to regulate him.
The AP reported late Friday that Tyler Barriss has been sentenced to twenty years in a US Federal prison for his admitted role in Andrew Finch's December 2017 swatting death. Barriss's two alleged conspirators, Shane Gaskill and Casey Viner, await their own decisions.
BleepingComputer calls it ironic, but it somehow seems inevitable: the website of the Nigerian National Assembly for about two weeks was serving up a landing page for phishing attacks that were after DHL credentials. Needless to say it wasn't government policy to host this phishing tackle.