AdsPower Fingerprint Browser Hacking Incident
AdsPower Fingerprint Browser transparently disclosed a breach, if you are using AdsPower and have installed an extension wallet or manually updated an extension wallet from January 21, 18:00 to January 24, 18:00 (UTC+8), then the extension wallet (e.g., MetaMask, etc.) on your AdsPower may be the version with the backdoor, which backdoor will steal your helper/private key.
The official announcement is below:
Dear users.
On January 24, 2025, the AdsPower security team discovered that some of the Encrypted Wallet plugins were maliciously substituted. We take this very seriously and have fixed the issue at the first opportunity to ensure your data is safe.
To further protect your assets, if you have updated or installed the Encrypted Wallet plugin between January 21st 18:00 and January 24th 18:00 (UTC+8), we recommend that you re-install the plugin and transfer funds to the new Secure Wallet address.
If you do not operate during this time, or do not receive our in-app notifications, then you have nothing to worry about, your account is safe.
However, we understand that this situation may have caused you distress and anxiety. In order to further investigate and ensure that the matter is dealt with thoroughly, we have invited Slow Fog Technology
@SlowMist_Team
Participate in the investigation and collection of evidence.
If you have any questions or need any help, please feel free to contact us through our online customer service at the bottom right corner of the client terminal or by email (support@adspower.net).
Thank you for your understanding and support, the AdsPower team will continue to work hard to ensure that we can provide you with more secure and reliable services🙏.
AdsPower Team
Arresting 70,000 people and rescuing more than 160, China and many countries jointly operate to combat electric extortion
From August to December 2024, the Lancang Law Enforcement Cooperation Centre organized and implemented the "Seagull" joint law enforcement operation, coordinating the law enforcement departments of six countries, namely Cambodia, China, Lao People's Democratic Republic, Myanmar, Thailand and Viet Nam, to jointly combat regional telecommunication network fraud crimes and their derivatives, as well as crimes of smuggling of firearms and ammunition. During the operation, the parties cracked more than 160 cases of various types, mainly involving wire fraud, arrested more than 70,000 suspects and rescued more than 160 victims.
This year, the Center will launch the second phase of the "Seagull" joint operation at an appropriate time, and continue to focus on combating telecommunication network fraud and its derivative crimes, in particular, making every effort to rescue lost and trapped persons from various countries, so as to effectively safeguard the safety of people's lives and property in various countries of the region, as well as the security and stability of the region.
Healthcare industry leaks data on over 235,000 patients, healthcare organizations pay over $10 million in damages
Recently, a court in the US state of New York has preliminarily approved a $1.5 million (Rs. 10.86 million) settlement agreement for resolving a class action lawsuit against One Brooklyn Health System. The lawsuit stems from a November 2022 cyberattack that resulted in the compromise of sensitive health data of more than 235,000 people.
Under the proposed settlement, eligible class action members can submit claims for up to $2,500 in actual out-of-pocket damages, as well as compensation for time spent dealing with the consequences of the data breach (up to four hours at $25 per hour).
Industry "insiders" bidding, 300,000 homeowners' information leaked.
Recently, the Public Security Bureau of X City, Shandong Province, cracked a case of infringement of citizens' personal information and arrested over 60 suspects. The suspects used the identities of building salespeople to sell owners' names, cell phone numbers, house numbers, household types, ID numbers and bank loan information to decoration, home appliance and furniture companies, involving more than 300,000 pieces of information. "Each roughly ranges from 0.5 yuan to 10 yuan a piece, old neighborhoods are relatively cheap because the owners' willingness to renovate is not great, while those newer neighborhoods, neighborhoods about to be handed over, and villa areas are a bit more expensive for the owners' information." The case involves more than 200,000 yuan, the police will continue in-depth investigation, and to remind enterprises to strengthen data protection, the public to raise awareness of personal information protection. Once the leakage behavior is found, the police should be timely to protect the rights and interests.
Artificial Intelligence Safety Regulatory System for Cybersecurity Institution Building
Xinhua News Agency has been authorized to release the Decision of the Central Committee of the Communist Party of China on Further Comprehensively Deepening Reforms to Advance Chinese-Style Modernization, which mentions strengthening the network security system and establishing a system for the safety supervision of artificial intelligence.
Massive data breach of sensitive personal information at Canadian healthcare organization
On May 30, 2024, the Qiulong ransomware organization allegedly announced a major data breach involving Indigo ENT Group, a company involved in the hospital and healthcare industry based in Coquitlam, British Columbia, Canada. According to a post shared by the organization, they had infiltrated Indigo ENT's network for several weeks, during which time they claimed to have stolen thousands of pieces of personal, confidential, and protected health information (PHI), as well as patients' personally identifiable information (PII).
Massive data breach of sensitive user information at Peruvian credit bank
BCP Peru's database was allegedly compromised and made available for download. The allegedly compromised data consisted of 57,694 rows, including sensitive customer information such as card type, issue type, bank identification number, cardholder name, account holder name, home address, province of residence, customer ID, and primary phone number. If true, the intrusion poses a significant risk to affected individuals and could lead to identity theft, financial fraud and other malicious activity.
Massive breach of medical data at US healthcare company
A major U.S. healthcare provider is selling 1.5 terabytes of sensitive patient data in an unauthorized FTP. The access consisted of comprehensive patient files containing detailed personal information. The type of access is FTP with write-to-download functionality, allowing potential buyers to manipulate the data as they see fit. The data is 1.5 terabytes in size and is open on 1/30/2024.
Patient files contain a wealth of personal information, including address, patient name, date of birth, social security number (SSN), gender, phone number, and more. Shockingly, the company actively updates and edits this data on a daily basis. Despite being listed for sale since March 2, 2024, it remains unsold. The targeted organizations cover more than 50 facilities in the U.S., so the potential impact of this breach is wide-ranging.
Leakage of data information:
Access type: FTP with write-to-download functionality
Data size: 1.5 TB
Time to market: As of January 30, 2024
What: Complete patient file including address, patient name, date of birth, Social Security Number (SSN), gender, phone number, etc.
UPDATE: The company is actively updating and editing data on a daily basis. Despite being listed for sale since March 2, 2024, it remains unsold.
Scope: Targets include more than 50 plants in the United States.
Swarovski stockpile suffers ransom threat from unauthorized access
In a cyber incident, unauthorized access to the Swarovski management portal was sold. This access allegedly allowed potential buyers to view and extract all customer data, posing a significant security threat to the company's customers. The price tag for such unauthorized access was 800 euros.
Russian Hacking Group Hunt3r Kill3rs Launches Cyber Attacks on Israeli Government and Military Infrastructure
The Russian hacking organization Hunt3r Kill3rs has announced that it will launch a new round of cyberattacks against Israel, focusing on its military and government infrastructure. In a statement, the organization declared its intention to "torture Israel" and promised to carry out relentless attacks until what they consider to be Israel's crimes cease.
The Hunt3r Kill3rs organization has announced that it will continue to launch attacks against Israel. According to the organization's statement, these cyberattacks will continue until what they call Israeli crimes are over. The organization's vow to step up its efforts indicates that they will carry out long-term and targeted attacks against Israeli infrastructure.