One of Toyota’s subsidiaries, TB Kawashima, was hit by a cyberattack suspected to be from the LockBit ransomware group. Five malicious Python packages on the PyPI repository were found leaking sensitive information, including AWS credentials, to publicly exposed endpoints.
Meta has come under fire for not being able to protect the child and teen models on Instagram after Forbes alerted the platform of over a dozen accounts actively sexually abusing underage models on Instagram.
Last but not least, Apple’s newest 13-inch MacBook Pro, featuring its latest M2 chip, has been found to run a significantly slower SSD in the base model.
TB Kawashima gets hacked
- TB Kawashima, a manufacturer of interior fabrics for automobiles, aeroplanes, theatres and trains, reported that one of its subsidiaries had been hacked.
- The company is a part of Toyota Boshoku of the Toyota group of companies. Sales and production activities of the Toyota Boshoku group have not been impacted.
- TB Kawashima’s website, however, is currently down.
- While there has been no confirmation of the threat actor from the company’s end, the LockBit Ransomware gang has taken responsibility for the attack. It has even begun to leak data allegedly stolen during the breach.
H/t: BleepingComputer
Malicious Python packages leak sensitive information
- Five malicious packages on the PyPI repository have been found leaking sensitive information, including AWS credentials, to openly accessible endpoints.
- The five packages include loglib-modules, pyg-modules, pygrata-utils, pygrata and hkg-sol-utils.
- The first two packages, loglib-modules and pyg-modules, are typosquatting attempts at replicating legitimate packages. The remaining three don’t have any specific targets. All five packages share code similarities or connections.
- Four of the packages have been removed from the repository. However, the package pygrata didn’t have any malicious functionality built-in and required pygrata-utils as a dependency, causing it to stay on the repository for much longer.
H/t: BleepingComputer
Meta is having a hard time catching child predators on Instagram
- Meta has come under heavy fire for its ineffective policing of predators following multiple failures to remove child predatory accounts from Instagram.
- Forbes has reported over a dozen accounts, with a combined half a million followers, sexualising underage models.
- One of the most prominent examples of such accounts is that of Grant Durtschi, who was able to use Instagram to sell sexually suggestive photos of minors months after his arrest in March.
- Durtschi’s PayPal account revealed that he sold photos to over 70 clients, several of whom were convicted sex offenders or had other related convictions in their criminal history, for between $100 and $1000.
- The case has opened Meta to much scrutiny on the topic, despite the company having a no-tolerance policy for child exploitation on its platforms.
H/t: Forbes
Fastest chip, slowest SSD
- After Apple refreshed its 13-inch MacBook Pro with its latest M2 chip, it was discovered that the base model 2022 MacBook Pro comes with a significantly slower SSD compared to more expensive models.
- The base MacBook Pro is priced at $1299 and comes with a 256GB SSD. Tests reveal that the read and write speeds on the SSD are about 50% and 30% slower, respectively, compared to the 13-inch MacBook Pro with the M1 chip and 256GB storage.
- The speed difference arises because the 2022 MacBook Pro has only a single 256GB NAND chip, while the previous year’s model had two 128GB chips.
- It’s unclear at the moment why Apple did this, but costs and supply chain constraints are two possible factors.
H/t: MacRumors