NEW: Staffers at notorious spyware maker Intellexa had live remote access to their customers' surveillance systems. This allowed them to see the personal data of targets hacked with Intellexa's spyware Predator, according to new research based on a leaked training video. Needless to say, this is bad for several reasons.
NEW: Your "end-to-end encrypted" poop pictures taken by this $599 (+ subscription) smart toilet camera are actually not end-to-end encrypted. ¯_(ツ)_/¯
NEW: A trivial-to-exploit bug in jury systems used across the United States was exposing jurors' sensitive personal data, such as full names, date of birth, occupation, email addresses, cell phone numbers, and home addresses — and potentially even health data. The bug essentially allowed anyone to brute-force and access jurors' accounts. The system is provided by gov tech giant Tyler Technologies. We alerted them of the bug on Nov. 5, they acknowledged and said they fixed it yesterday.
NEW: Delivery giant DoorDash disclosed a data breach impacting an unspecified number of users. Hackers stole names, emails, phone numbers, and physical addresses, but DoorDash said that “no sensitive information was accessed by the unauthorized third party.” 🤔
NEW: A group of Senators and Congresspeople are warning Governors that their states are providing ICE “with frictionless, self-service access to the personal data of all of your residents.” The data sharing is managed by a nonprofit called Nlets, which is managed by state police agencies.
NEW: The U.S. Congressional Budget Office was hacked. @npub1lcc6...lcye says that the cause may be an unpatched Cisco ASA firewall. I asked CBO about that but it did not respond to the question.
NEW: This is how former L3Harris Trenchant boss Peter Williams was able to steal zero-days worth millions of dollars and sell them to a Russian broker, based on court documents and interviews with his former colleagues. A former Trenchant employee told me that “no one had any supervision over [Williams] at all. He was kind of allowed to do things the way he wanted to.” “He was, in my opinion, perceived to be beyond reproach,” the former employee, who has knowledge of Trenchant's IT systems, told me.
NEW: Peter Williams, the former head of Western zero-day and spyware maker Trenchant, pleaded guilty to selling eight exploits to a Russian broker that resells to the Russian government. The DOJ said Williams was promised millions of dollars in exchange for "national-security focused software."
NEW: The U.S. govt accused Peter Williams, ex-general manager of hacking tool maker L3Harris Trenchant, of stealing trade secrets and selling them to a buyer in Russia. As we reported earlier this week, Trenchant was investigating a leak of internal tools this year. At this point, it's unclear if that investigation is related to the accusations against Williams.
ICYMI (story broke late Friday evening): A judge has ordered NSO Group to stop targeting WhatsApp users. At the same time the judge reduced the damages the spyware maker had to pay to WhatsApp from $167 million to $4M, because there was no evidence NSO’s behavior was “particularly egregious.”