In today’s cybersecurity news…
ParkMobile 2021 data breach class action suit concludes
Good news for any victims of the 2021 ParkMobile breach. The class action lawsuit against the Atlanta-based mobile and web parking payments platform has been wrapped up, and the payouts will now begin. This follows a cybersecurity incident that occurred in March 2021, in which account information for almost 22 million ParkMobile customers was released for free on a hacking forum. The lawsuit accused ParkMobile of “failing to adequately protect user data,” and the company denied any wrongdoing. The leaked data was mostly PII and license plate numbers, but not financial or banking information. The windfall for each of the victims is – wait for it – one dollar in the form of an in-app credit, which must be claimed manually, and does come with an expiration date.
UK government study suggests secondary schools larger target than businesses
According to a UK government survey conducted this time last year, “educational institutions are more likely to face a cyber-attack or security breach than private businesses.” The report says, “six out of 10 secondary schools have suffered an attack or breach over the past 12 months, rising to eight out of 10 for further education colleges and nine out of 10 for higher education institutions.” As a comparison, only four out of 10 businesses have faced a breach or attack. The researchers defined a cyberattack as an “attempt to breach a target’s IT systems.” Phishing emails were identified as the most common vector.
Zimbra Collaboration Suite flaw used in calendar attacks
This attack leverages CVE-2025-27915, a cross-site scripting vulnerability in ZCS versions 9.0, 10.0, and 10.1, to deliver a JavaScript payload onto target systems through ICS files, also known as iCalendar files. The vulnerability stems from insufficient sanitization of HTML content in ICS files. Zimbra had addressed the security issue on January 27, but researchers at StrikeReady discovered the attack after keeping an eye out for .ICS files that were larger than 10KB and included JavaScript code.
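The triage heuristic described above (ICS files over 10KB that also contain JavaScript), sketched as an added example; it is not StrikeReady's or Zimbra's code. The marker patterns, function names and sample calendars are assumptions constructed for illustration, and the markers are matched only after undoing RFC 5545 line folding, which can otherwise split a tag across lines.

```python
import re

SIZE_THRESHOLD = 10 * 1024  # "larger than 10KB", as reported above

# Assumed script markers; the page does not list the exact patterns used.
SCRIPT_MARKERS = re.compile(
    rb"<\s*script\b|javascript\s*:|\bon[a-z]{3,}\s*=", re.IGNORECASE
)
# RFC 5545 folds long content lines as CRLF (or LF) plus one space or tab.
FOLD = re.compile(rb"\r?\n[ \t]")


def unfold(ics: bytes) -> bytes:
    """Undo RFC 5545 line folding so markers split across lines are visible."""
    return FOLD.sub(b"", ics)


def triage_ics(ics: bytes) -> dict:
    """Apply both conditions of the heuristic and return the evidence."""
    hits = sorted({m.group(0).lower().decode("ascii", "replace")
                   for m in SCRIPT_MARKERS.finditer(unfold(ics))})
    oversized = len(ics) > SIZE_THRESHOLD
    return {"size": len(ics), "oversized": oversized,
            "markers": hits, "suspicious": oversized and bool(hits)}


def make_sample(description: str, pad_lines: int = 0) -> bytes:
    """Build a constructed VEVENT; not taken from any real sample."""
    lines = ["BEGIN:VCALENDAR", "VERSION:2.0", "BEGIN:VEVENT",
             "SUMMARY:Quarterly review", "DESCRIPTION:" + description]
    lines += ["X-CONSTRUCTED-PAD:" + "A" * 50] * pad_lines
    lines += ["END:VEVENT", "END:VCALENDAR"]
    return "\r\n".join(lines).encode() + b"\r\n"


# Constructed inputs: a small benign invite, and an oversized one carrying an
# inert placeholder tag that is folded mid-token.
BENIGN = make_sample("Agenda attached.")
FLAGGED = make_sample("<scr\r\n ipt>/* inert */</scr\r\n ipt>", pad_lines=200)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("flagged", FLAGGED)):
        print(name, triage_ics(sample))
```

A hit from this check is a reason to inspect the file, not a verdict: large invites with rich HTML descriptions can match as well.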
Salesforce providing support to Scattered Spider victims
Salesforce has said it is “engaging with customers who are being extorted by cybercriminals through a recently created data leak site.” This points to a new leak site recently posted by Scattered Spider, which lists dozens of large companies from whom the group claims to have stolen data through Salesforce. A Salesforce spokesperson has stated that there is no indication that the Salesforce platform has been compromised in any of these thefts, nor was this activity “related to any known vulnerability in our technology,” however “we remain engaged with affected customers to provide support.”
Huge thanks to our sponsor, ThreatLocker

LinkedIn sues software company for scraping
A lawsuit was launched on Thursday against software company ProAPIs, as well as its CEO, over an operation in which it allegedly charged customers up to $15,000 per month for scraped user data taken from LinkedIn, including posts, reactions and comments. They allegedly achieved this by creating a network of millions of fake accounts. The lawsuit adds that LinkedIn “routinely detects ProAPIs’ scraping within hours of it beginning, but because the software firm creates hundreds if not thousands of fake accounts daily it is impossible to stop all of the activity.”
Researchers warn of self-spreading WhatsApp malware
A new self-spreading malware campaign called SORVEPOTEL is targeting Brazilian users through WhatsApp, according to Trend Micro. The malware spreads via phishing messages containing malicious ZIP attachments that users must open on a desktop, suggesting enterprise-focused attacks. Once activated, SORVEPOTEL propagates automatically through the WhatsApp Web interface, causing infected accounts to be banned for excessive spam. Unlike ransomware or data-stealing malware, its purpose appears to be rapid spread and disruption rather than theft. Of the 477 known infections, 457 are in Brazil, affecting sectors including government, public service, manufacturing, technology, education, and construction.
Renault UK suffers cyberattack
The UK branch of the French carmaker Renault is warning UK customers that their personal data may have been stolen due to a recent hack. Spokespeople for the company said attackers accessed their third-party supplier’s systems and made off with customer details including names, gender, phone numbers, email and postal addresses, and vehicle registration and identification numbers, but no bank details. Renault has not confirmed how many customers are affected, nor has it yet provided details about the scale of the theft or the identity of the breached supplier.
Signal adds new cryptographic defense against quantum attacks
Signal has announced a new cryptographic component designed to protect its users’ conversations against quantum computing threats. It is called the Sparse Post-Quantum Ratchet (SPQR). This is a technology that continuously updates the encryption keys used in conversations while discarding the old ones. Signal, a non-profit well-known for its end-to-end encrypted messaging, guarantees forward secrecy and post-compromise security. More details about the technology behind this are available in the link provided in the show notes to this episode.






