Andrew Hoog

I like to tinker in mobile forensics, security, privacy, tools development, nodejs and home automation. I’m an author, inventor, expert witness and co-founder of NowSecure.

2025-05-15

Coinbase disclosed that a threat actor obtained internal documents and customer data by paying overseas contractors. The company did not pay the ransom and estimates the incident could cost $180M–$400M.

1️⃣ Data was stolen via insider access from overseas contractors.
2️⃣ Affected info includes PII, ID images, account history, and support materials.
3️⃣ No passwords, keys, or customer funds were compromised.
4️⃣ Coinbase may reimburse affected customers and is enhancing fraud controls.

Coinbase is a crypto exchange and wallet platform that allows merchants and consumers to buy, sell, and store digital currencies.

board-cybersecurity.com/incide

Coinbase logo on mobile device showing Coinbase stock trend
2025-05-08

Masimo Corporation disclosed unauthorized activity on its on-premise network, disrupting manufacturing and delaying order processing. The company is investigating and working to restore systems while cloud-based services remain unaffected.

1️⃣ Detected unauthorized network activity on April 27, 2025.
2️⃣ Manufacturing output and order fulfillment were temporarily impacted.
3️⃣ The affected systems are being restored; cloud-based systems are unaffected.
4️⃣ Investigation and mitigation efforts are ongoing with law enforcement involved.

Masimo Corporation, a medical technology company, develops, manufactures, and markets noninvasive patient monitoring products.

board-cybersecurity.com/incide

Masimo logo
Andrew Hoog boosted:
2025-04-28

Going to #RSAC this week? You won't want to miss @ahoog42 sharing the top 5 mobile app risks found after performing over a half million assessments! Mark your schedule for Wednesday, 4/30 at 9:40 AM at Moscone West 2022: path.rsaconference.com/flow/rs

RSAC 2025 talk - Andrew Hoog
2025-04-14

Conduent Inc. disclosed a January cyber incident that led to the theft of client end-user data. The data exfiltrated included significant personal information tied to client end-users. They do not believe the data has been publicly released, and the company is notifying affected clients and incurring related expenses.

1️⃣ Incident began Jan 13, 2025, affecting a limited part of Conduent’s environment.
2️⃣ Systems were restored in hours or days with no material operational impact.
3️⃣ Data exfiltrated included significant personal information tied to client end-users.
4️⃣ The company is incurring material expenses for notification and analysis.

Conduent provides digital platforms and business process services to commercial and government clients, with a focus on automation, analytics, and mission-critical operations. As of 2023, the company employs approximately 58,600 people.

board-cybersecurity.com/incide

Conduent logo
2025-04-14

DaVita Inc. disclosed a ransomware attack that disrupted parts of its network and operations. Patient care continues, but some functions remain impacted while the company investigates the full scope of the incident.

1️⃣ Ransomware detected on April 12, encrypting parts of DaVita’s network.
2️⃣ Impacted systems were isolated; third-party experts are assisting.
3️⃣ Patient care continues, but some operations are disrupted.
4️⃣ Duration and full impact of the incident remain unknown.

DaVita is a provider focused on transforming care delivery to improve quality of life for patients globally.

board-cybersecurity.com/incide

DaVita building with their logo on an awning
2025-04-10

Sensata Technologies disclosed a ransomware attack that disrupted operations and led the company to take its network offline. Some files were taken, and a full recovery timeline is still unknown.

1️⃣ On April 6, 2025, ransomware encrypted devices across Sensata’s network.
2️⃣ Operations—including shipping, receiving, and manufacturing—were impacted.
3️⃣ Interim measures have restored some functions; full recovery is pending.
4️⃣ Data was exfiltrated; investigation and notifications are ongoing.

Sensata Technologies engages in the design, manufacture, and distribution of sensors and electronic controls.

board-cybersecurity.com/incide

Sensata Technologies logo on a building
2025-04-09

We love supporting open source / community standards. The OWASP MAS project is setting the global standard for mobile app security. If you haven't checked it out, you definitely should! Here are links to some of the significant efforts we support here at NowSecure

➡️ OWASP Mobile Application Security project: mas.owasp.org/
➡️ Frida, binary instrumentation framework: frida.re/
➡️ Radare, free reversing toolkit: rada.re/n/index.html
➡️ Open sourced tools from NowSecure: github.com/orgs/nowsecure/repo

@OWASP_MAS @NowSecure

Andrew Hoog boosted:
2025-04-09

🚀 Celebrating 3 years of partnership with @NowSecure as an OWASP MAS Advocate! From 320+ PRs to driving key milestones like MASVS v2.0.0, MASWE, and more, their impact on mobile app security is unmatched. THANK YOU!

mas.owasp.org/news/2025/04/09/

2025-02-20

Don’t you hate it when #Apple Live Text thinks your handwriting is in a foreign language?

Handwritten grocery list on refrigerator
2025-02-19

NioCorp Developments Ltd. disclosed a cybersecurity incident involving unauthorized access that led to approximately $0.5 million in misdirected vendor payments. The company is working with financial institutions and law enforcement to recover the funds and is investigating the full scope of the incident.

1️⃣ On Feb 14, 2025, unauthorized third-party access was discovered, affecting portions of NioCorp’s email systems.
2️⃣ Approximately $0.5 million in vendor payments were misdirected.
3️⃣ The company quickly notified financial institutions and federal law enforcement to assist in recovery.
4️⃣ The full scope and impact of the incident are still under investigation.

NioCorp is a resource company that produces niobium, scandium, titanium, and magnetic rare earths to develop a Niobium deposit.

board-cybersecurity.com/incide

NioCorp logo on Nasdaq sign
2025-02-18

Lee Enterprises, Inc. disclosed a cybersecurity incident that they believe is reasonably likely to have a material impact on their financial condition—an uncommon level of transparency. Most companies state they are still assessing or limit material impact concerns to one quarter. Details include:

1️⃣ On Feb 3, 2025, they suffered a cybersecurity attack that led to a systems outage.
2️⃣ Threat actors encrypted critical applications and exfiltrated certain files.
3️⃣ Print distribution, billing, collections, and vendor payments were disrupted. Some print products remain unavailable, impacting 5% of total revenue.
4️⃣ They have implemented temporary measures while restoring systems and expect a phased recovery over several weeks.
5️⃣ They maintain cybersecurity insurance but anticipate financial impacts from the incident.

Lee Enterprises is a major provider of local news, operating daily newspapers, digital media, and marketing services across the U.S.

board-cybersecurity.com/incide

Lee Enterprises logo
2025-02-12

Talk-to-text on iOS #Gmail has been epically failing for me over the past few weeks. I can't believe the hit I've taken on productivity. Is anyone else experiencing this? I use talk-to-text extensively and this is isolated to the Gmail iOS app only (all other talk-to-text is working fine on my iPhone apps, both native and from the App Store).

The issue seems to be that the talk-to-text function will repeat, merge and outright mangle the translation. It looks a bit like logging output from LLMs I've seen where the prompt is streamed and so in the logs you see it repeat at various intervals. One thought I had was maybe that some sort of Gmail/Gemini integration was causing the issue.

I've attached an example where I highlight the behavior.

I've tried searching the web a bit. And I'm trying hard to ignore any tinfoil reactions but as a security and privacy person, it's always in the back of my mind.

Thanks for any insights if folks have any!

Mangled talk-to-text example with repeated and merged section highlighted in red.
2025-02-11

Backdoors are never backdoors, they are wide open entryways for any determined actor. This is not the way.

Critically important position by Matthew Green and @alex on the risks to US citizens (and everyone else) posed by the UK's demands on Apple to create an iCloud backdoor.

Time and time again, we’ve seen backdoors exploited by attackers or foreign intelligence services. Law enforcement has other legal powers they can and do leverage in investigations.

Apple has seemingly managed to hold the line but for how long? Having such respected cryptographers and cybersecurity experts explain the risks is critical to the non-cyber community's understanding of the gravity of what's at stake here. These are the very systems we depend on every day (minute) for our personal and professional lives and they must be private and secure.

apple.news/AuuwR059NQVuksyY6_X

2025-02-07

@thomasareed @NowSecure @jerry great questions and we dug into this a bit but didn't have the time to complete all of that analysis. We traced (combo of radare and Frida) the functions that use it and it's encrypting/decrypting the user ID generated by the app but it may be used in other parts of the app. From our internal discussions:

"From a quick look in r2 it looks like that data is saved to a file possibly. could be sent over the network but i didn’t see anything in the immediate vicinity"

HTH.

2025-02-07

@mochsner @NowSecure thanks, my first time using it, and I thought it was awesome!

2025-02-06

@adam_caudill agreed, and we didn't intend to position it as "the sky is falling" but instead simply state the facts of the 3 security issues and then provide the broader risk picture.

Bear in mind, our primary focus is enterprises and governmental agencies.

So when we look at the broader picture of 1) lacking basic security, 2) advanced fingerprinting, 3) sensitivity of prompts/data, 4) recent discovery of DeepSeek database available online with no auth (Wiz finding), and 5) data residing in and being subject to Chinese Communist Party oversight, our recommendation is that there is much higher risk than the tens of millions of folks who've downloaded the app in the past 10 days realize.

I dislike "sky is falling"... I guess a 23 page technical report at least demonstrates that we are trying to present the facts and share what we believe, as experts, the risk is to our primary audience.

Thx for the thoughtful post. HTH.

2025-02-06

@adam_caudill thx so much for pointing that out. Running fast, mis-copied. I've alerted the team.

2025-02-06

@Shoresy @briankrebs I think the "news" is while many people speculated and expected these types of issues, it's important to prove them.

The folks that hang out on Mastodon, HN, etc. are often times far more aware of the risks and how to mitigate them. But the DeepSeek iOS app shot to the top of the Apple App and Google Play stores, so tens of millions of people are not aware of the risks.

tl;dr probably not news to this crowd but very important to inform the tens of millions of folks who don't have the security and privacy background to be aware of the risks

2025-02-06

We just published a technical report detailing multiple security vulnerabilities in the #DeepSeek iOS app. We recommend companies, government agencies and individuals stop using the DeepSeek mobile apps.

If you want to experiment with the DeepSeek model, you can do it safely by either self-hosting or using hosted versions of DeepSeek from companies like Microsoft. You can see the full recommendations linked in the report below.

The vulnerabilities found are:

➡️ Unencrypted Data Exposed and Modifiable over the Network
➡️ Insecure Symmetric Encryption with Hardcoded Keys
➡️ Username, Password and Encryption Keys Stored Insecurely

The overall risk of using the DeepSeek iOS app is driven by:

1️⃣ lack of basic security controls
2️⃣ substitute and novel fingerprinting techniques
3️⃣ data sharing with services run by #Bytedance (e.g. #TikTok)
4️⃣ Sensitivity of prompt and associated data shared
5️⃣ Data being stored in China and under the ever watchful eye (and access) of the Chinese Communist Party

If you have questions about the DeepSeek iOS app risks, drop them in the comments or hit me up in a DM.

@NowSecure

nowsecure.com/blog/2025/02/06/

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst