Apple has released iOS 18. We discuss the new privacy and security related features like the very handy Passwords app.

On September 16, 2024, Apple released iOS 18. Besides a lot of exciting new features, iOS 18 comes with some privacy and security enhancements.

One of the most promising new features is the new Passwords app. Built on the foundation of Apple’s password management system Keychain, Passwords makes it easier for users to access stored passwords and get an overview of their credentials.

Passwords App

One thing we often hear when we recommend the use of a password manager is that it’s too complicated. And, admittedly, many of them come with a learning curve. But Apple has made some steps in the right direction here.

Apple will also warn users if their credentials have been caught up in a data breach, so users can change their compromised password. In addition, users who have a weak password, or one that’s been used before, will be warned to pick a better one. Current users of the AutoFill function should notice how their passwords have automatically been added to the Passwords app.

iOS 18 also provides users with new tools to manage who can see their apps, how their contacts are shared, and how their iPhone connects to accessories. One of those tools allows users to adjust settings so that app notifications and content can’t inadvertently be seen by others. Another new feature is the ability to hide an app, which basically moves it to a locked, hidden apps folder that only the main user has access to. The basic functional apps can’t be hidden, but generally speaking if it’s on the App Store it can be hidden.

Hidden apps can be locked and unlocked with Face ID, Touch ID, or the device passcode, although there are a few exceptions. Account holders under age 13 can’t lock or hide an app so they can’t use it to dodge a parent’s watchful eye. Users between the ages of 13 and 18 can use these functions, but parents can still see what apps were downloaded and how much they are used.

Contact sharing is a lot more configurable, which makes life easier for those of us who use their device for work and private matters. Say, for example, a person uses an app solely for work, he might decide to share only work-related contacts with that app. Access can be updated as desired. Apple users can now see at a glance how many apps have access to data like location services, tracking, calendars, files and folders, contacts, and health information. When they tap on a particular category, users see a list of which apps have what level of access, such as limited or full.

Location services access overview

iOS 18 also prepares your device for Apple Intelligence which is expected next month.  

> “Apple Intelligence, the personal intelligence system that combines the power of generative models with personal context to deliver intelligence that is incredibly useful and relevant while protecting users’ privacy and security.”

Apple Intelligence is an artificial intelligence (AI) platform developed by Apple. Its features include on-device processing so it’s aware of your personal data, but doesn’t require Apple to collect or store it, and a new complex system designed to draw on larger server-based models to handle more complex requests, while still protecting user privacy.

I realize this sounds a lot like Microsoft’s Recall feature which was delayed after privacy and security concerns. We haven’t seen any pushback of that magnitude for Apple Intelligence. The main difference here are the regular “screenshots” that Microsoft wanted to deploy to help users later.

The privacy protections Apple promises can be important to users who want to have access to AI but are concerned about having their private data used to train models, which is something even AI enthusiasts are worried about to some extent.

To take those worries away, Apple created Private Cloud Compute (PCC), a cloud intelligence system designed specifically for private AI processing, which Apple says extends the privacy and security of Apple devices into the cloud.

A handy change for some users might be the new guest access for the Home app, which makes it easier for other members of your household to use your device to control any accessories connected to the Home app.

One safety feature I’m not that thrilled about is the Activation Lock. The Activation Lock feature is intended to block unauthorized repairs with parts from other iPhones and deter the resale of stolen components. It will link key parts like batteries, cameras, and displays to the original owner’s Apple account, making it harder to use or sell stolen parts. I fear this will only make it harder for users to go outside the channels under Apple’s control to get their devices repaired.

More new features of iOS 18 are discussed at length in this Apple newsroom article.

To check if you’re using the latest software version, go to **Settings** > **General** > **Software Update**. You want to be on iOS 18.0 or iPadOS 18.0, so update now if you’re not. It’s also worth turning on Automatic Updates if you haven’t already. You can do that on the same screen.

Available update

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 iOS 18 is out. Here are the new privacy and security features 

The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator.
"The United States will not tolerate the reckless propagation of disruptive technologies that threatens our national security and undermines the privacy and

The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator.

"The United States will not tolerate the reckless propagation of disruptive technologies that threatens our national security and undermines the privacy and civil liberties of our citizens," said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, Bradley T. Smith.

"We will continue to hold accountable those that seek to enable the proliferation of exploitative technologies, while also encouraging the responsible development of technologies that align with international standards."

The sanctioned individuals and entities are listed below -

*   Felix Bitzios, the beneficial owner of an Intellexa Consortium company that's believed to have supplied Predator to a foreign government client and the manager of Intellexa S.A.

*   Andrea Nicola Constantino Hermes Gambazzi, the beneficial owner of Thalestris Limited and Intellexa Limited, which are both members of the Intellexa Consortium

*   Merom Harpaz, a top executive of the Intellexa Consortium and the manager of Intellexa S.A.

*   Panagiota Karaoli, director of multiple Intellexa Consortium entities that are controlled by or are a subsidiary of Thalestris Limited

*   Artemis Artemiou, an employee of Intellexa S.A., as well as the general manager and member of the board of Cytrox Holdings, another member of the Intellexa Consortium

*   Aliada GroupInc., a British Virgin Islands-based company and member of the Intellexa Consortium has facilitated tens of millions of dollars of transactions

Thalestris Limited has been involved in processing transactions on behalf of other entities within the Intellexa Consortium, the Treasury said, adding that Aliada Group is directed by Tal Jonathan Dilian, the founder of the Intellexa Consortium.

The department described the consortium as a "complex international web of decentralized companies that built and commercialized a comprehensive suite of highly invasive spyware products."

The development comes a little over six months after the Treasury sanctioned Dilian, Sara Aleksandra Fayssal Hamou, and five other entities, including Intellexa S.A., on similar grounds.

It also follows a resurgence of Predator spyware activity after a period of relative silence by likely customers in Angola, the Democratic Republic of the Congo (DRC), and Saudi Arabia using new infrastructure that's designed to evade detection.

"The latest evolution of Predator infrastructure includes an additional tier in its delivery infrastructure to improve customer anonymization and enhanced operational security in its server configurations and associated domains," Recorded Future said.

"Although Predator spyware operators have changed significant aspects of their infrastructure setup, including changes that make country-specific attribution more challenging, they have largely retained their mode of operation."

It also follows Apple's decision to file a motion to dismiss its lawsuit against NSO Group for reasons that court disclosures could endanger its efforts to combat spyware, that there are steps being taken to avoid sharing information related to the Pegasus spyware, and that the impact could be diluted as a result of an expanding spyware market with new emerging players.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

U.S. Treasury Sanctions Executives Linked to Intellexa Predator Spyware Operation

Hacktivists love to target financial services companies, and their attacks are growing both larger and longer.

Source: Daniren via Alamy Stock Photo

Financial services organizations have faced nearly twice as many distributed denial of service (DDoS) attacks this year as any other industry, thanks in part to a rise in hacktivism.

According to a new report from Akamai, between Jan. 1 and June 30, there were nearly 3,000 Layer 3 and 4 DDoS attack events in the financial services sector (Layer 3 and 4 attacks occur at the network and transport layers of Internet communication). The next most-targeted industries — gaming, then high tech, then manufacturing — suffered around 1,000 to 1,500 events each.

A number of factors contribute to the sheer scale of the threat, experts say, including a general rise in DDoS across the board, a surge in hacktivist activity in association with high-profile geopolitical conflicts, emerging threats to application programming interfaces (APIs), and more.

And at the end of the day, it's just easy. "They don't have to find a vulnerability. They don't have to find that gap in your armor. They can just literally sit there and hit a button," says Richard Hummel, director of threat intelligence for Netscout.

**Hacktivism Drives DDoS**

On July 15, beginning at 10:05 a.m. local time, the full weight of a globally distributed botnet was turned against a major financial services company in Israel.

The vectors of attack were numerous: UDP flooding, UDP fragmentation, DNS reflection, PUSH and ACK floods, and more. At its peak, the flood of data registered at 789GB per second — equivalent to millions of documents, or hundreds of thousands of photos, streaming in with each passing moment.

The peak of the event lasted until around 1 p.m. local time, but activity persisted for around 24 hours. "This attack was very exceptional in terms of total duration," Akamai researchers wrote, after helping abate the attack. "This requires significant resources and is an indication of a very sophisticated aggressor."

Remarkably, despite that aggressor dedicating so much power to one attack, a number of other Israeli financial institutions experienced outages that same day, in what researchers assessed was likely a politically motivated campaign.

It wasn't the only politically motivated DDoS campaign that happened around this time, nor was it the worst. Those Israeli companies might have considered themselves lucky compared to a UAE bank, whose website was attacked by the pro-Palestinian group BlackMeta (aka DarkMeta). In a six-day romp, the group sent 10 waves of Web requests lasting between four and 20 hours each, averaging 4.5 million per second and peaking at 14.7 million.

DDoS has surged in correlation with the wars in Gaza and Ukraine, Akamai says, particularly against European banks with connections to Ukraine. Even if a financial institution doesn't consider itself political in any way, they nonetheless serve as a useful punching bag for hackers to achieve their dogmatic goals.

**Why Hacktivists Target Finserv**

Being so central to, and interconnected with, wider society, attacks against finance tend to cause more harm and panic than those against other industries.

Plus, more so than in the US, "in European countries or Asian countries, oftentimes government and finance go hand-in-hand, so you will often see that adversaries will walk the stack of what they perceive as government-affiliated," Hummel explains.

As an example, he points to Moldova, a country with manifold conflicts with Russia. "Moldova has been hammered over and over for the past six, seven months now by NoName057 and various other groups. They started with government targets, but then they started looking at finance, at commercial banking, education, public transportation. It's a natural extension."

And as if DDoS weren't already easy enough, in Europe, it's become easier in recent years thanks to Payment Services Directive 2 (PSD2), which came into effect in January 2016. Among other things, the European Union (EU) directive required that financial services providers offer open APIs to third-party services.

PSD2 was designed to better integrate the EU payments market but, Akamai points out, it also widened the surface through which attackers could attack affected companies. APIs offer yet another opening for more sophisticated, application-layer DDoS attacks, particularly when they're poorly accounted for.

"What we're finding is that many financial institutions don't know the expanse of their API ecosystem," says Cheryl Chiodi, industry strategy manager for financial services at Akamai. "There could be developers that were working on a project and left what we call a 'rogue' API, or 'shadow' APIs that are connected to the network but aren't really doing anything. And the cybercriminal can find those entry points and use them to do their infiltration of the network."

In its report, Akamai noted "sharp increases" in DDoS attacks targeting APIs. For this reason, Chiodi urges financial services companies to perform API discovery. "That then opens up the aperture, the visibility, so that you know what the API ecosystem \[in your organization\] is in the first place," she says.

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Ukraine, Gaza Wars Inspire DDoS Surge Against Finservs

Apple is launching its first stand-alone password manager app in iOS 18. Here’s what you need to know.

Apple’s latest iPhone software update, iOS 18, arrives today and includes a new app: Passwords. For the first time, Apple is taking your phone’s ability to save login details and putting them in a standalone app. It could help improve millions of people’s terrible passwords.

After years of being told you should create unique, strong passwords for every website and app you use, you probably fall into one of two camps: people that are fully signed up to the password manager life, or those still using “123456” for every other website.

Apple’s new encrypted Passwords app is automatically included with iOS 18, and is a public-facing evolution of its Keychain and password-saving capabilities. The Keychain, which has existed for more than a decade, no longer has as prominent a home in the iPhone’s settings, and details previously saved there are being moved to the new app.

The launch of the password manager app, which will also be available on macOS Sequoia and iPadOS 18, may help improve people’s relationships with their passwords but also could, to varying degrees, challenge existing password managers.

“This move makes the app more visible to lay users and informs them about this secure method to store and manage passwords,” says Talal Haj Bakry and Tommy Mysk from security company Mysk. “You have a default password manager preinstalled on your device \[that\] provides end-to-end encryption when syncing data across devices.”

**New Passwords**

The Passwords app has a pretty barebones design. Six different tiles are presented when you open the app on an iPhone: All, Passkeys, Codes, Wi-Fi, Security, and Deleted. These are essentially the main functions of the app, allowing you to save each type of data within their relevant sections. The security section includes check-ups allowing weak and exposed passwords to be identified.

“This will definitely boost the adoption of this preinstalled app and bolster user security,” Bakry and Mysk say. They add that it presents the saved data “in a more organized way than the Settings app.”

Apple says the Passwords app uses end-to-end encryption to save your details, meaning nobody, not even Apple, knows what you have saved. Within the app, you can search for login details to your entries and set up groups to share passwords with other people.

Your saved login details are synced across Apple devices using iCloud, meaning the encrypted data is shared with Apple’s cloud servers and available on all of your Apple devices. Within Apple’s settings, you can turn off syncing passwords on a specific device. The app is locked using Face ID.

When using the Passwords app, any details you have previously saved in Keychain or AutoFill will be moved to the new location. This includes if you have used the Sign in with Apple login system on any websites or apps. It is unclear why Apple has decided to spin its Keychain system into a fully fledged password manager now, although the company has been building out the individual features over a number of years. (Apple has not responded to WIRED’s request for comment at the time of writing.)

For many people, having a standalone password manager app from Apple could encourage better password practices. Siamak Shahandashti, a senior lecturer in the University of York’s cybersecurity and privacy research group, says the move from Apple may be a usability decision. Making Passwords visible could encourage people to take their passwords seriously.

“We need to design authentication systems for human beings,” Shahandashti says. “We cannot expect users to maintain a hundred accounts, for each of them \[to\] use a strong password. It’s actually the fault of the designers because these systems have not been designed for users considering the capability of an average human being.”

**Death of the Password**

Passwords are slowly dying. Enter the passkey. For the past couple of years, websites, apps, and phone manufacturers have been in the process of rolling out passkeys—a technology that replaces passwords, is more secure, and doesn’t require you to remember any complex login details. (Although passkeys still have some teething problems.)

Leona Lassak, a research assistant at Ruhr-University Bochum who has studied passkey adoption, says greater “visibility” of the Passwords app can help get the sign-in technology to a broader audience, one which might not use a password manager otherwise. Apple’s Passwords app could help with the perception and transition to passkeys, Lassak says. “There has been discussion about the need for passkey managers, because once we actually use them on websites, there's probably going to be multiple for each website,” she says.

The app is also, at least subtly, encouraging the adoption of passkeys. Within Passwords’ settings, accessed through Apple’s System preferences, there’s the option to turn on “automatic” passkey upgrades, which will allow existing accounts to use passkeys when they are available.

**Lock In**

Password managers have existed for years and there are plenty of options you can use, from open source apps to browser-based management systems. Each comes with their own particular set of pros and cons.

Apple wading into the password management market by including a new app on millions of iPhones, Macs, and iPads could also impact the wider ecosystem. “There’s no question that Apple’s Passwords app would ‘sherlock’ third-party password managers—or make them less attractive,” say Bakry and Mysk, highlighting that people need to use iCloud to sync passwords in Apple’s system, and that those who are privacy conscious may not want this to happen automatically.

There’s also the risk of locking people into Apple’s password manager—at launch, there appear to be no options to export the saved data and use it in a commercial alternative. One competitor password manager has stressed that their software works on products “beyond” the “Apple ecosystem.” (People using Apple’s password management software on Windows devices can access saved details through iCloud for Windows.)

Ultimately, what password manager you use should reflect what type of software you want to support and the individual threats you may face. For many, Apple’s new app is probably better than not using a password manager at all.

Apple’s New Passwords App May Solve Your Login Nightmares

IFSC Code Finder Portal version 1.0 suffers from an ignored default credential vulnerability.

**IFSC Code Finder Portal 1.0 Insecure Settings**

Posted Sep 16, 2024

Authored by indoushka

IFSC Code Finder Portal version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 4c8714f261d6bcdc7f5ee89b4f1473342ced816a03f174b9a8bc607a329616e0

Download | Favorite | View

**IFSC Code Finder Portal 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : IFSC Code Finder Portal v1.0 Insecure Settings Vulnerability                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://phpgurukul.com/ifsc-code-finder-project-using-php/                                                                  |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = Test@123[+] http://127.0.0.1/ifscfinder/admin/login.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,759)
*   Arbitrary (17,063)
*   BBS (2,859)
*   Bypass (1,915)
*   CGI (1,047)
*   Code Execution (7,895)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,423)
*   DoS (25,236)
*   Encryption (2,394)
*   Exploit (54,214)
*   File Inclusion (4,273)
*   File Upload (1,012)
*   Firewall (822)
*   Info Disclosure (2,913)
*   Intrusion Detection (918)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,272)
*   Local (14,848)
*   Magazine (587)
*   Overflow (13,212)
*   Perl (1,435)
*   PHP (5,262)
*   Proof of Concept (2,409)
*   Protocol (3,749)
*   Python (1,656)
*   Remote (31,860)
*   Root (3,671)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,046)
*   Shell (3,303)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,716)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (673)
*   Vulnerability (33,064)
*   Web (10,136)
*   Whitepaper (3,784)
*   x86 (970)
*   XSS (18,290)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,120)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,142)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,780)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,828)
*   UNIX (9,454)
*   UnixWare (188)
*   Windows (6,766)
*   Other

IFSC Code Finder Portal 1.0 Insecure Settings

GYM Management System version 1.0 suffers from an ignored default credential vulnerability.

**GYM Management System 1.0 Insecure Settings**

Posted Sep 16, 2024

Authored by indoushka

GYM Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 5ee11f413d4f6dbbb71c2d782424145f8284d96790518d7c0e3923c5bd409844

Download | Favorite | View

**GYM Management System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : GYM Management System 1.0 Insecure Settings Vulnerability                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/gym-management-system-using-php-and-mysql/                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload :     Username: admin@gmail.com      Password: Test@123[+] http://127.0.0.1/agms/admin/dashboard.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,759)
*   Arbitrary (17,063)
*   BBS (2,859)
*   Bypass (1,915)
*   CGI (1,047)
*   Code Execution (7,895)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,423)
*   DoS (25,236)
*   Encryption (2,394)
*   Exploit (54,214)
*   File Inclusion (4,273)
*   File Upload (1,012)
*   Firewall (822)
*   Info Disclosure (2,913)
*   Intrusion Detection (918)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,272)
*   Local (14,848)
*   Magazine (587)
*   Overflow (13,212)
*   Perl (1,435)
*   PHP (5,262)
*   Proof of Concept (2,409)
*   Protocol (3,749)
*   Python (1,656)
*   Remote (31,860)
*   Root (3,671)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,046)
*   Shell (3,303)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,716)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (673)
*   Vulnerability (33,064)
*   Web (10,136)
*   Whitepaper (3,784)
*   x86 (970)
*   XSS (18,290)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,120)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,142)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,780)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,828)
*   UNIX (9,454)
*   UnixWare (188)
*   Windows (6,766)
*   Other

GYM Management System 1.0 Insecure Settings

A hacker known as IntelBroker claims to have breached the UK-based company Experience Engine, allegedly exposing sensitive data.…

A hacker known as IntelBroker claims to have breached the UK-based company Experience Engine, allegedly exposing sensitive data. The hacker is selling the data on an online forum, raising concerns about data security for affected clients and businesses.

The notorious IntelBroker hacker has claimed responsibility for breaching Experience Engine, a UK-based company that provides experiential marketing and promotional staffing services. The hacker, who was previously linked to several high-profile data breaches, is now selling the allegedly stolen data on Breach Forums, demanding payment in **Monero** (XML) cryptocurrency to remain anonymous and untraceable.

****Who is Experience Engine?****

Experience Engine, founded over 20 years ago, specializes in creating experiential marketing and promotional staffing solutions. With a global reach and a client base that includes major corporations; they work across sectors such as tech, public sectors, and fast-moving consumer goods (FMCG) brands, offering a network of over 1,200 “Experience Engineers™.”

These professionals are tech-trained to help businesses engage with customers through activations, events, and brand ambassador roles. The company claims to offer access to over 200,000 properties worldwide, focusing on integrating campaigns and humanizing complex technological messages for brands.

Screenshot from Experience Engine’s website highlighting its portfolio

****The Alleged Breach****

According to IntelBroker, the breach occurred in September and involves a trove of sensitive data. The hacker is also offering to sell entire .bak database files, which contain a large amount of client and transactional information. IntelBroker has even provided sample data, which includes details from tables such as dbo.invoice and dbo.booking_backup, containing thousands of rows of sensitive records.

One of the notable tables, dbo.invoice, includes 31,000 rows of data, with fields such as InvoiceID, InvoiceNumber, and InvoiceDate, alongside client-specific information such as contact details and invoice amounts. For instance, one invoice dated October 3, 2006, references Thomas Cook, a now-defunct global travel group, headquartered in the United Kingdom with payment details and banking information related to a booking at the now permanently closed Thirty Thirty New York City Hotel.

InterBorken hacker on Breach Forums (Screenshot: Hackread.com)

Another table, dbo.booking_backup, contains 784,000 rows of data, featuring sensitive customer information such as names, addresses, emails, booking histories, and revenue data. Among the entries are details of clients from the UK, United States, and Saint Lucia, with personal information, email addresses, and booking records all included.

The data sample provided by IntelBroker reveals alarming details of the alleged breach. The exposed data includes highly sensitive information, including financial transactions, customer contact details, and bank account numbers.

For instance, a sample from the dbo.invoice table analyzed by the Hackread.com research team shows details of an invoice amounting to $4699.36, with full banking details for the recipient. The booking records reveal customer names, addresses, and even room revenue from bookings, which can put individuals’ privacy and financial security at risk.

Moreover, the nature of the alleged data breach suggests that Experience Engine’s security protocols may have been insufficient to prevent this large-scale leak. Given that the company manages promotional staffing and experiential campaigns for global brands, the impact on their reputation could be severe.

****IntelBroker’s Dark History****

IntelBroker is no stranger to the hacking world. The hacker has been linked to several high-profile breaches, including the following organisations:

*   **Europol**
*   **Tech in Asia**
*   **Space-Eyes**
*   **Home Depot**
*   **Facebook Marketplace**
*   **U.S. contractor Acuity Inc.**
*   **Staffing giant Robert Half**
*   **Los Angeles International Airport**
*   **Alleged breaches of HSBC and Barclays Bank**

Although the hacker’s origins and affiliates are unknown, according to the United States government, IntelBroker is alleged to be the perpetrator behind one of the **T-Mobile data breaches**.

(Screenshot: Hackread.com)

The alleged breach of Experience Engine adds another company to IntelBroker’s cybercrime portfolio. With millions of sensitive records potentially exposed, the fallout from this breach could have long-lasting consequences.

Hackread.com has reached out to Experience Engine for comment. If and when the company responds the article will be updated accordingly. Stay tuned!

1.  **UK’s Freecycle Data Breach Impacts 7 Million Users**
2.  **Exposed ICS in the US, and UK Threaten Water Supplies**
3.  **NCA Arrests Teenager in Walsall Over TfL Cyber Attack**
4.  **IntelBroker Apple Breach: Steals Source Code for Internal Tools**
5.  **UK Criminal Records Office Down in Potential Ransomware Attack**

Hacker Claims Breach of UK’s Experience Engine, Data Sold Online

Apple has filed a motion to "voluntarily" dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical "threat intelligence" information.
The development was first reported by The Washington Post on Friday.
The iPhone maker said its efforts, coupled with those of others in the industry and national governments to tackle

Spyware / Threat Intelligence

Apple has filed a motion to "voluntarily" dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical "threat intelligence" information.

The development was first reported by The Washington Post on Friday.

The iPhone maker said its efforts, coupled with those of others in the industry and national governments to tackle the rise of commercial spyware, have "substantially weakened" the defendants.

"At the same time, unfortunately, other malicious actors have arisen in the commercial spyware industry," the company said. "It is because of this combination of factors that Apple now seeks voluntary dismissal of this case."

"While Apple continues to believe in the merits of its claims, it has also determined that proceeding further with this case has the potential to put vital security information at risk."

Apple originally filed the lawsuit against the Israeli company in November 2021 in an attempt to hold it accountable for illegally targeting users with its Pegasus surveillance tool.

It described NSO Group, a subsidiary of Q Cyber Technologies Limited, as "amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse."

Earlier this January, a federal judge denied a motion from NSO Group to dismiss the lawsuit under the grounds that the company is "based in Israel and Apple should have sued them there," with the court stating that "the anti-hacking purpose of the CFAA fits Apple's allegations to a T, and NSO has not shown otherwise."

In its motion for voluntary dismissal, Apple said three major developments have been a contributing factor: The risk that the threat intelligence information it has developed to protect users against spyware attacks could be exposed, pointing to a July 25, 2024, report from The Guardian.

The British newspaper revealed that Israeli officials had seized documents from NSO Group in July 2020 in an apparent effort to stop the handover of information about the notorious hacking tool as part of the company's ongoing legal tussle with Meta-owned WhatsApp, which filed a similar lawsuit in 2019.

"The seizures were part of an unusual legal maneuver created by Israel to block the disclosure of information about Pegasus, which the government believed would cause 'serious diplomatic and security damage' to the country," The Guardian noted at the time.

Apple also cited as reasons for changing dynamics in the commercial spyware industry and the proliferation of different spyware companies, as well as the possibility of revealing to third-parties "the information Apple uses to defeat spyware while defendants and others create significant obstacles to obtaining an effective remedy."

The development comes as the Atlantic Council divulged that the individuals behind some of the spyware vendors in Israel, Italy, and India that have come under the scanner for enabling authoritarian regimes to spy on human rights advocates, opposition leaders, and journalists have sought to rename them, start new ones, or undertake strategic jurisdiction hopping.

Case in point, Intellexa, the now-sanctioned company behind the Predator spyware, has resurfaced with new infrastructure in connection with its ongoing use by likely customers in countries such as Angola, the Democratic Republic of the Congo (DRC), and Saudi Arabia.

"Predator's operators have significantly enhanced their infrastructure, adding layers of complexity to evade detection," the cybersecurity company's Insikt Group said.

"The new infrastructure includes an additional tier in its multi-tiered delivery system, which anonymizes customer operations, making it even harder to identify which countries are using the spyware."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure

Plus: New evidence emerges about who may have helped 9/11 hijackers, UK police arrest a teen in connection with an attack on London’s transit system, and Poland’s spyware scandal enters a new phase.

After Apple's product launch event this week, WIRED did a deep dive on the company's new secure server environment, known as Private Cloud Compute, which attempts to replicate in the cloud the security and privacy of processing data locally on users' individual devices. The goal is to minimize possible exposure of data processed for Apple Intelligence, the company's new AI platform. In addition to hearing about PCC from Apple's senior vice president of software engineering, Craig Federighi, WIRED readers also received a first look at content generated by Apple Intelligence's “Image Playground” feature as part of crucial updates on the recent birthday of Federighi's dog Bailey.

Turning to privacy protection of a very different kind in another new AI service, WIRED looked at how users of the social media platform X can keep their data from being slurped up by the “unhinged” generative AI tool from xAI known as Grok AI. And in other news about Apple products, researchers developed a technique for using eye tracking to discern passwords and PINs people typed using 3D Apple Vision Pro avatars—a sort of keylogger for mixed reality. (The flaw that made the technique possible has since been patched.)

On the national security front, the US this week indicted two people accused to spreading propaganda meant to inspire “lone wolf” terrorist attacks. The case, against alleged members of the far-right network known as the Terrorgram Collective, marks a turn in how the US cracks down on neofascist extremists.

And there's more. Each week, we round up the privacy and security news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

**ChatGPT Tricked Into Revealing Instructions for Making Fertilizer Bombs After Being Led Deep Into Fantasy Storytelling**

OpenAI's generative AI platform ChatGPT is designed with strict guardrails that keep the service from offering advice on dangerous and illegal topics like tips on laundering money or a how-to guide for disposing of a body. But an artist and hacker who goes by “Amadon” figured out a way to trick or “jailbreak” the chatbot by telling it to “play a game” and then guiding it into a science-fiction fantasy story in which the system's restrictions didn't apply. Amadon then got ChatGPT to spit out instructions for making dangerous fertilizer bombs. An OpenAI spokesperson did not respond to TechCrunch's inquiries about the research.

“It’s about weaving narratives and crafting contexts that play within the system’s rules, pushing boundaries without crossing them. The goal isn’t to hack in a conventional sense but to engage in a strategic dance with the AI, figuring out how to get the right response by understanding how it ‘thinks,’” Amadon told TechCrunch. “The sci-fi scenario takes the AI out of a context where it’s looking for censored content … There really is no limit to what you can ask it once you get around the guardrails.”

**New Evidence Indicates That at Least Two Saudi Officials May Have Helped 9/11 Hijackers**

In the fervent investigations following the September 11, 2001, terrorist attacks in the United States, the FBI and CIA both concluded that it was coincidental that a Saudi Arabian official had helped two of the hijackers in California and that there had not been high-level Saudi involvement in the attacks. The 9/11 commission incorporated that determination, but some findings indicated subsequently that the conclusions might not be sound. With the 23-year anniversary of the attacks this week, ProPublica published new evidence “suggest\[ing\] more strongly than ever that at least two Saudi officials deliberately assisted the first Qaida hijackers when they arrived in the United States in January 2000.”

The evidence comes primarily from a federal lawsuit against the Saudi government brought by survivors of the 9/11 attacks and relatives of victims. A judge in New York will soon make a decision in that case about a Saudi motion to dismiss. But evidence that has already emerged in the case, including videos and documents such as telephone records, points to possible connections between the Saudi government and the hijackers.

“Why is this information coming out now?” said retired FBI agent Daniel Gonzalez, who pursued the Saudi connections for almost 15 years. “We should have had all of this three or four weeks after 9/11.”

**British Teenager Arrested in Investigation of Cyberattack on London Transportation Agency**

The United Kingdom's National Crime Agency said on Thursday that it arrested a teenager on September 5 as part of the investigation into a cyberattack on September 1 on the London transportation agency Transport for London (TfL). The suspect is a 17-year-old male and was not named. He was “detained on suspicion of Computer Misuse Act offenses” and has since been released on bail. In a statement on Thursday, TfL wrote, “Our investigations have identified that certain customer data has been accessed. This includes some customer names and contact details, including email addresses and home addresses where provided.” Some data related to the London transit payment cards known as Oyster cards may have been accessed for about 5,000 customers, including bank account numbers. TfL is reportedly requiring roughly 30,000 users to appear in person to reset their account credentials.

**Polish Court Blocks Investigation Into Apparent Spyware Abuses by Previous Government Administration**

In a decision on Tuesday, Poland’s Constitutional Tribunal blocked an effort by Poland's lower house of parliament, known as the Sejm, to launch an investigation into the country's apparent use of the notorious hacking tool known as Pegasus while the Law and Justice (PiS) party was in power from 2015 to 2023. Three judges who had been appointed by PiS were responsible for blocking the inquiry. The decision cannot be appealed. The decision is controversial, with some, like Polish parliament member Magdalena Sroka, saying that it was “dictated by the fear of liability.”

Security News This Week: A Creative Trick Makes ChatGPT Spit Out Bomb-Making Instructions

A new Android malware called Trojan Ajina.Banker is targeting Central Asia – Discover how this malicious malware disguises…

A new Android malware called Trojan Ajina.Banker is targeting Central Asia – Discover how this malicious malware disguises itself as legitimate apps to steal banking information and intercept 2FA messages. Learn about the tactics used by the attackers and how to protect yourself from this growing threat.

Central Asia has become the target of a malicious new campaign distributing Android malware dubbed “Ajina.Banker.” Discovered by Group-IB in May 2024, Ajina.Banker has been wreaking havoc since November 2023 and around 1,400 unique variants of the malware were identified by researchers.

The malware is named after a malevolent Uzbek mythical spirit known for deception, shape-shifting, and chaos. Ajina.Banker targets unsuspecting users by masquerading as trusted applications like banking services, government portals, and everyday utilities “to maximize infection rates and entice people to download and run the malicious file, thereby compromising their devices.”

The malware primarily spreads through social engineering tactic on messaging platforms like Telegram. Attackers create numerous accounts to distribute malicious links and files disguised as enticing offers, promotions, or even local tax authority apps. Users lured by the promise of “lucrative rewards” or “exclusive access” unknowingly download and install the malware, compromising their devices.

The attackers also employ a multi-pronged approach, sending messages with just the malicious file attached, exploiting user curiosity. Additionally, they share links to channels hosting the malware, bypassing security measures in place on some community chats.

Ajina used themed messages and localized promotion strategies to create a sense of urgency and excitement in regional community chats, urging users to click on links or download files without suspecting malicious intent. These campaigns were conducted across multiple accounts, sometimes simultaneously, indicating a coordinated effort.

While primarily targeting users in Uzbekistan, Ajina.Banker’s reach extends beyond borders. The malware collects information on installed financial applications from various countries, including Armenia, Azerbaijan, Iceland, and Russia. Additionally, it gathers SIM card details and intercepts incoming SMS messages, potentially capturing 2FA codes for financial accounts.

The malware exhibits a concerning level of adaptability. The analysis reveals two distinct versions – com.example.smshandler and org.zzzz.aaa – suggesting ongoing development. Newer versions showcase additional functionalities, including the ability to steal user-provided phone numbers, bank card details, and PIN codes.

Group-IB’s investigation suggests Ajina.Banker operates on an affiliate program model. A core group manages the infrastructure, while a network of affiliates handles distribution and infection chains, likely incentivized by a share of the stolen funds.

To protect yourself and your devices from Ajina.Banker and similar threats, be cautious of unsolicited messages and downloads, stick to trusted app stores like Google Play Store, scrutinize app permissions, install security software, and stay updated on the latest malware threats and best practices for mobile security.

Rocky Cole, Co-Founder and COO of mobile device security company iVerify shared his comments about this cunning new campaign with Hackread.com:

“Credential theft is the number one action being taken by threat actors. It’s so easy to steal credentials on phones where smaller screens, lower attention spans, lack of training, and the mixing of personal and professional use cases put people at risk. This new Android malware is just a continuation of that trend and a prime example of why phones should be running EDR platforms to detect malicious APKs and social engineering attempts.”

1.  **Hackers using Google Sites to spread banking malware**
2.  **Google reveals spyware attack on Android, iOS, and Chrome**
3.  **Scylla Ad Fraud on iOS, Android Users Halted by Apple, Google**
4.  **V3B Phishing Kit Steals Logins and OTPs from EU Banking Users**
5.  **Android Banking Malware FjordPhantom Steals Via Virtualization**

Tag

#apple