Feed aggregator
Court Dismisses Criminal Charges Against VPN Executive, Affirms No-Log Policy
Toronto, Canada, 28th April 2025, CyberNewsWire
The post Court Dismisses Criminal Charges Against VPN Executive, Affirms No-Log Policy appeared first on The Security Ledger with Paul F. Roberts.
Power outage cripples Spain and Portugal
Article URL: https://www.politico.eu/article/huge-blackouts-cripple-power-supply-in-spain-and-portugal/
Comments URL: https://news.ycombinator.com/item?id=43821104
Points: 7
# Comments: 0
Is New 'Wednesday' Footage Coming? Netflix Tudum Teases Peek in New Trailer
Employee monitoring app exposes users, leaks 21+ million screenshots
Unfortunately, spyware apps with poor reputations and even weaker security practices are all too common.
I’ve lost count of how many blogs I’ve written about stalkerware-type apps that not only exposed the people they spied on but also ended up exposing the spies themselves.
However, perhaps one would expect an employee monitoring app to be of a higher standard. Not in this case.
Cybernews recently uncovered that employee monitoring app WorkComposer left over 21 million images exposed in an unsecured Amazon AWS S3 bucket. These images show a frame-by-frame activity log of remote workers.
This is not just bad news for those remote workers; it could be even worse for WorkComposer customers, whose internal communications, confidential business documents, and login pages were exposed to anyone who stumbled over the unprotected bucket.
An S3 bucket is like a virtual file folder in the cloud where you can store various types of data, such as text files, images, videos, and more. There is no limit to the amount of data you can store in an S3 bucket, and individual objects can be up to 5 TB in size.
The WorkComposer software logs keystrokes, tracks how long an employee spends on each app, and records desktop screenshots every few minutes. This means those 21 million images could reveal everything from work processes to employees’ private information.
Although there are no indications that cybercriminals gained access to the same bucket, WorkComposer has failed to respond to any notifications and queries. It did secure the access after being notified, but did not provide any comments.
This incident echoes a previous Cybernews investigation that found WebWork, another remote team tracker, leaked over 13 million screenshots containing emails, passwords, and other sensitive work data.
What to do if your employer used WorkComposer
There are some actions you can take if you are, or suspect you may have been, monitored by WorkComposer.
- Change the passwords that may have been seen. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
- Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
- Watch out for phishing attacks. Cybercriminals may use the information to craft convincing phishing emails, SMS, or messages pretending to be from trusted sources. Do not click on suspicious links or respond to unexpected messages requesting personal or work information.
- Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.
- Report suspicious activity. If you notice any suspicious emails, messages, or unauthorized access attempts, report them immediately to your IT department or manager. Early reporting can help contain potential damage and prevent further breaches.
8 ways to protect your privacy on Linux and keep your data safe
Artificial intelligence has the potential to boost the UK economy, but people need training and assurances that their jobs are not going to be disrupted
Fujihack Doom Port (2023)
Article URL: https://fujihack.org/doom.html
Comments URL: https://news.ycombinator.com/item?id=43820723
Points: 1
# Comments: 0
FBI offers $10M for info about Salt Typhoon members
Article URL: https://arstechnica.com/security/2025/04/fbi-offers-10-million-for-information-about-salt-typhoon-members/
Comments URL: https://news.ycombinator.com/item?id=43820705
Points: 1
# Comments: 0
U.S. Semiconductor Courses Surge Amid Industry Boom
Article URL: https://spectrum.ieee.org/chip-design-enrollment
Comments URL: https://news.ycombinator.com/item?id=43820700
Points: 2
# Comments: 0
Show HN: I built a meal planning app for busy parents
Hi all,
I’m a parent and meal planning for my kids always felt overwhelming. I built a web app that would let me create profiles for my children, plan their meals, put their meal preferences, recipes, export the plan to my calendar, and share links to the timetable with others, and of course an AI helping with the plan and recipe. For now it has a free plan and also a paid plan with more functionalities. I hoped it would be helpful for other parents. So I shared it with some family and friends. I would really appreciate your feedback.
Thanks
Comments URL: https://news.ycombinator.com/item?id=43820687
Points: 1
# Comments: 0
Defensive Pessimism
Article URL: https://en.wikipedia.org/wiki/Defensive_pessimism
Comments URL: https://news.ycombinator.com/item?id=43820675
Points: 1
# Comments: 0
4 Million Affected by VeriSource Data Breach
VeriSource Services says the personal information of 4 million people was compromised in a February 2024 cyberattack.
The post 4 Million Affected by VeriSource Data Breach appeared first on SecurityWeek.
Local file sharing in your web browser
Article URL: https://pairdrop.net/
Comments URL: https://news.ycombinator.com/item?id=43820664
Points: 1
# Comments: 0
How to Build Scalable Document Signing by Integrating BoldSign with .NET Aspire
Article URL: https://boldsign.com/blogs/boldsign-net-aspire/
Comments URL: https://news.ycombinator.com/item?id=43820663
Points: 1
# Comments: 0
Nobody wants the A20 gate, but it continues to haunt us
Article URL: https://aeb.win.tue.nl/linux/kbd/A20.html
Comments URL: https://news.ycombinator.com/item?id=43820642
Points: 1
# Comments: 0
Show HN: Imagegen MCP Server
I created an MCP server for using OpenAI's imagegen.
Comments URL: https://news.ycombinator.com/item?id=43820631
Points: 1
# Comments: 0
Dario Amodei – The Urgency of Interpretability
Article URL: https://www.darioamodei.com/post/the-urgency-of-interpretability
Comments URL: https://news.ycombinator.com/item?id=43820619
Points: 2
# Comments: 0
NodeRAG: Structuring Graph-Based RAG with Heterogeneous Nodes
Article URL: https://arxiv.org/abs/2504.11544
Comments URL: https://news.ycombinator.com/item?id=43820618
Points: 1
# Comments: 0
Garmin Grafana: Visualize Your Garmin Health Trends with a Grafana Dashboard
Article URL: https://github.com/arpanghosh8453/garmin-grafana
Comments URL: https://news.ycombinator.com/item?id=43820605
Points: 1
# Comments: 0