Skip to content

TB Kawashima gets hacked, Meta’s paedophile problems and more

  • by
  • 4 min read

One of Toyota’s subsidiaries, TB Kawashima, was hit by a cyberattack suspected to be from the LockBit ransomware group. Five malicious Python packages on the PyPI repository were found leaking sensitive information, including AWS credentials, to publicly exposed endpoints. 

Meta has come under fire for not being able to protect the child and teen models on Instagram after Forbes alerted the platform of over a dozen accounts actively sexually abusing underage models on Instagram.

Last but not least, Apple’s newest 13-inch MacBook Pro featuring their latest M2 chip, has been found to run a significantly slower SSD in the base model. 

TB Kawashima gets hacked

  • TB Kawashima, a manufacturer of interior fabrics for automobiles, aeroplanes, theatres and trains, reported that one of its subsidiaries had been hacked. 
  • The company is a part of Toyota Boshuku of the Toyota group of companies. Sales and production activities of Toyota Boshuku group have not been impacted. 
  • TB Kawashima’s website, however, is currently down.
  • While there has been no confirmation of the threat actor from the company’s end, the LockBit Ransomware gang has taken responsibility for the attack. It has even begun to leak data allegedly stolen during the breach. 
H/t BleepingComputer

Malicious Python packages leak sensitive information

  • Five malicious packages on the PyPI repository have been found leaking sensitive information, including AWS credentials, to openly accessible endpoints. 
  • The five packages include loglib-modules, pyg-modules, pygrata-utils, pygrata and hkg-sol-utils. 
  • The first two packages, loglib-modules and pyg-modules are typosquatting attempts at replicating legitimate packages. The remaining three don’t have any specific targets. All five packages share code similarities or connections. 
  • Four of the packages have been removed from the repository. However, the package pygrata didn’t have any malicious functionality built-in and required pygrata-utils as a dependency, causing it to stay on the repository for much longer. 
H/t: BleepingComputer

Meta is having a hard time catching child predators on Instagram

  • Meta has come under heavy fire for its incapable predator policing following multiple failures to remove child predatory accounts from Instagram.
  • Forbes has reported over a dozen accounts amounting to half a million followers sexualising underage models. 
  • One of the most prominent examples of such accounts is one of Grant Durtschi, who was able to use Instagram to sell sexually suggestive photos of minors months after his arrest in March. 
  • Durtschi’s PayPal account revealed that he sold photos to over 70 clients, several of which were convicted sex offenders or had other related convictions in their criminal history, for between $100 to $1000. 
  • The case has opened Meta to much scrutiny on the topic, despite the company having a no-tolerance policy for child exploitation on its platforms.
H/t: Forbes

Fastest chip, slowest SSD

  • After Apple refreshed its 13-inch Macbook Pro with its latest M2 chip, it was discovered that the base model 2022 Macbook Pro comes with a significantly slower SSD compared to more expensive models.
  • The base Macbook Pro is priced at $1299 and comes with a 256GB SSD. Tests reveal that the read and write speeds on the SSD are about 50% and 30% slower, respectively, compared to the 13-inch Macbook Pro with the M1 chip and 256GB storage.
  • The speed difference arises from the 2022 Macbook Pro only has a single NAND 256GB chip, while the previous year’s model had two 128GB chips. 
  • It’s unclear at the moment why Apple did this, but costs and supply chain constraints are two possible factors. 
The new base model MacBook comes with a much slower SSD. | Source: Apple
H/t: MacRumours 

In the News: Hackers are still exploiting Log4Shell; CISA issues warning

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>