KXAN: Almost 2 million Texans affected by Texas Department of Insurance data breach

KXAN: Almost 2 million Texans affected by Texas Department of Insurance data breach. “The department said the personal information of 1.8 million workers who have filed compensation claims — including Social Security numbers, addresses, dates of birth, phone numbers and information about workers’ injuries — was accessible online to members of the public from March 2019 to January 2022.”

Bleeping Computer: Microsoft May 2022 Patch Tuesday fixes 3 zero-days, 75 flaws

Bleeping Computer: Microsoft May 2022 Patch Tuesday fixes 3 zero-days, 75 flaws. “Today is Microsoft’s May 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities, with one actively exploited, and a total of 75 flaws. Of the 75 vulnerabilities fixed in today’s update, eight are classified as ‘Critical’ as they allow remote code execution or elevation of privileges.”

WIRED: What to Do If You Can’t Log In to Your Google Account

WIRED: What to Do If You Can’t Log In to Your Google Account. “The web is filled with advice and shortcuts on what to do in this situation, from tapping your password manager to turning off two-factor authentication (not recommended!). Rather than use Google’s most popular tool, Search, for the answer, we decided to ask the company directly what happens when users can’t get in and what steps they should take to recover their account. Guemmy Kim, director of account safety and security at Google, guided us through our questions.”

Engadget: Grindr location data was reportedly for sale for at least three years (updated)

Engadget: Grindr location data was reportedly for sale for at least three years (updated). “Grindr’s past willingness to share sensitive data may have been more problematic than previously thought. The Wall Street Journal understands precise Grindr user location data was collected from the online ad network MoPub (once owned by Twitter) and put on sale through its partner company UberMedia (now UM) since ‘at least’ 2017.”

Ars Technica: Apple, Google, and Microsoft want to kill the password with “Passkey” standard

Ars Technica: Apple, Google, and Microsoft want to kill the password with “Passkey” standard. “The standard is being called either a ‘multi-device FIDO credential’ or just a ‘passkey.’ Instead of a long string of characters, this new scheme would have the app or website you’re logging in to push a request to your phone for authentication. From there, you’d need to unlock the phone, authenticate with some kind of pin or biometric, and then you’re on your way.”

TechCrunch: Meta faces years of tougher antitrust oversight in Germany

TechCrunch: Meta faces years of tougher antitrust oversight in Germany. “Facebook’s rebranded parent, Meta, has become the next tech giant to be confirmed as subject to a special competition abuse control regime in Germany, following a 2021 update to its digital competition rules that are focused on large digital companies which are considered to be of ‘paramount significance for competition across markets’, as the law puts it. The designation, which stands for five years, empowers the regulator, the Federal Cartel Office (FCO), to take faster action to respond to competition concerns linked to Meta’s operations by imposing operational conditions intended to correct antitrust abuses.”

Engadget: Bored Ape Yacht Club’s Instagram compromised in $2.4 million NFT phishing scam

Engadget: Bored Ape Yacht Club’s Instagram compromised in $2.4 million NFT phishing scam. “Bored Ape Yacht Club creator Yuga Labs is investigating a phishing attack after a hacker stole nearly $2.5 million worth of NFTs through the official Bored Ape Instagram account. The company disclosed the hack on Monday morning in a tweet warning followers not to click on links or mint new tokens.”

Bleeping Computer: Open source ‘Package Analysis’ tool finds malicious npm, PyPI packages

Bleeping Computer: Open source ‘Package Analysis’ tool finds malicious npm, PyPI packages. “The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative, has released its first prototype version of the ‘Package Analysis’ tool that aims to catch and counter malicious attacks on open source registries. In a pilot run that lasted less than a month, the open source project, released on GitHub, was able to identify over 200 malicious npm and PyPI packages.”

WIRED: You Need to Update iOS, Android, and Chrome Right Now

WIRED: You Need to Update iOS, Android, and Chrome Right Now. “April has been a big month for security updates, including emergency patches for Apple’s iOS and Google Chrome to fix vulnerabilities already being used by attackers. Microsoft has released important fixes as part of its mid-April Patch Tuesday, while Android users across multiple devices need to make sure they are applying the latest update when it becomes available. Here are all the April updates you need to know about.”

1 News New Zealand: Spate of ram-raids driven by social media – police

1 News New Zealand: Spate of ram-raids driven by social media – police. A “ram-raid” is when a vehicle is crashed into a target location with the intention of robbery. “Police say social media is a key driving force behind the spike in ram raids across the country. Detective Inspector Karen Bright told reporters on Wednesday that offenders as young as 11 years old were posting their exploits online.”

Redis, MongoDB, and Elastic: 2022’s top exposed databases (Bleeping Computer)

Bleeping Computer: Redis, MongoDB, and Elastic: 2022’s top exposed databases. “Security researchers have noticed an increase in the number of databases publicly exposed to the Internet, with 308,000 identified in 2021. The growth continued quarter over quarter, peaking in the first months of this year. In the first quarter of 2022, the amount of exposed databases peaked to 91,200 instances, researchers at threat intelligence and research company Group-IB say in a report shared with BleepingComputer.”