Israel Says Iran Is Hacking Security Cameras for Spying

Plus: Ukrainian hackers reportedly knock out a key Russian internet provider, China’s Salt Typhoon hackers claim another victim, and the UK hits 23andMe with a hefty fine over its 2023 data breach...

CVE-2021-38305

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each li...

Your 23andMe genetic data could be bought by China, senator warns

Senator Cassidy, the chair of the US Senate Health, Education, Labor, and Pensions Committee has expressed concerns about foreign adversaries, including the Chinese Communist Party, acquiring the sensitive genetic data of millions of Americans through 23andMe. The risk is considered real because ...

23andMe bankruptcy: How to delete your data and stay safe from the 2023 breach

The genetic testing company 23andMe filed for bankruptcy on Sunday, announcing that, in searching for financial stability through its sale to a new owner, the business will continue operating as normal, including in how customer data is handled. “The company intends to continue operating its...

How to Delete Your Data From 23andMe

DNA-testing company 23andMe has filed for bankruptcy, which means the future of the company’s vast trove of customer data is unknown. Here’s what that means for your genetic data...

23andMe will retain your genetic information, even if you delete the account

Deleting your personal data from 23andMe is proving to be hard. There are good reasons for people wanting to delete their data from 23andMe: The DNA testing platform has a lot of problems, so let’s start with a recap. A little over a year ago, cybercriminals put up information belonging to as man...

A week in security (September 16 – September 22)

Last week on Malwarebytes Labs: "Simply staggering" surveillance conducted by social media and streaming services, FTC finds Tor anonymity compromised by law enforcement. Is it still safe to use? Walmart customers scammed via fake shopping lists, threatened with arrest Snapchat wants to put your...

A week in security (June 10 – June 16)

Last week on Malwarebytes Labs: Truist bank confirms data breach Update now! Google Pixel vulnerability is under active exploitation Adobe clarifies Terms of Service change, says it doesn’t train AI on customer content 23andMe data breach under joint investigation in two countries When things go...

23andMe data breach under joint investigation in two countries

The British and Canadian privacy authorities have announced they will undertake a joint investigation into the data breach at global genetic testing company 23andMe that was discovered in October 2023. On Friday October 6, 2023, 23andMe confirmed via a somewhat opaque blog post that cybercriminal...

23andMe Blames Users for Recent Data Breach as It's Hit With Dozens of Lawsuits

Plus: Russia hacks surveillance cameras as new details emerge of its attack on a Ukrainian telecom, a Google contractor pays for videos of kids to train AI, and more...

23andMe blames its users for the massive data breach

By Waqas According to DNA service provider 23andMe, if you are a user, you are to be blamed for reusing your password on other sites. This is a post from HackRead.com Read the original post: 23andMe blames its users for the massive data breach...

The 23andMe Data Breach Keeps Spiraling

23andMe has provided more information about the scope and scale of its recent breach, but with these details come more unanswered questions...

The 23andMe User Data Leak May Be Far Worse Than Believed

Plus: IT workers secretly funnel money to North Korea, a court in the US upholds keyword search warrants, and WhatsApp gets a passwordless upgrade on Android...

23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews

At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it's working to verify the data...

Hacker Claims to Have Data of 7 Million 23andMe Users from DNA Service

By Waqas 23andMe Investigating Potential Data Breach, Says Credentials May Have Been Gathered From Other Breaches. This is a post from HackRead.com Read the original post: Hacker Claims to Have Data of 7 Million 23andMe Users from DNA Service...

CVE-2021-38305

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each li...

CVE-2021-38305

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each li...

Spoofing

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each li...

CVE-2021-38305

CVE-2021-38305 (23andMe Yamale) : A code-execution vulnerability in Yamale before 3.0.8 allows a specially crafted schema file to trigger Python eval, enabling arbitrary commands on the host running Yamale. Root cause: the schema parser evaluates user-supplied expressions, with limited builtins, ...

23andme.com XSS vulnerability

Vulnerable URL: https://www.23andme.com/static/ Details: Description| Value ---|--- Patched:| Yes, at 17.01.2018 Latest check for patch:| 17.01.2018 08:18 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 5281 VIP website status:| Yes Coordinated Disclosure...