
June 5, 2024 4 mins

Snowflake Database Customers Targeted by Threat Actor

A threat actor known as UNC5537 has breached several Snowflake database customers using stolen credentials, conducting data theft and extortion attacks, according to cloud security firm Mitiga. The actor targets organizations lacking two-factor authentication, using a custom tool to access Snowflake environments. The campaign, which started in April, has attracted law enforcement attention and affected multiple organizations, with stolen data being publicly posted for sale on hacker forums. Snowflake, which has over 9,000 customers and a significant market share, has issued a security advisory urging customers to review indicators of compromise and mitigations, while emphasizing that the activity is not caused by any vulnerability or malicious activity within its product.

 

Hugging Face Detects Unauthorized Access to AI Model Hosting Platform

Hugging Face, an AI startup, announced on Friday that its security team detected "unauthorized access" to its Spaces platform, which hosts AI models and resources. The intrusion relates to Spaces secrets, which are private pieces of information used to unlock protected resources. As a precaution, Hugging Face has revoked certain tokens and recommends that users refresh their keys or tokens and consider switching to fine-grained access tokens. The company is working with cybersecurity specialists to investigate the incident and review its security policies. The extent of the potential breach is currently unclear. This incident comes as Hugging Face faces increasing scrutiny over its security practices, with several vulnerabilities and security concerns reported in recent months.

 

Netflix Bug Bounty Program Pays Out Over $1 Million

Netflix has paid out more than $1 million to security researchers since launching its bug bounty program in 2016. The program has received nearly 8,000 unique vulnerability reports from over 5,600 researchers, with 845 vulnerabilities eligible for rewards. The company has moved its program to the HackerOne platform, promising enhanced triage, increased bounty ranges, and expanded scope. Rewards range from $300 to $20,000, depending on the severity and impact of the vulnerability. This investment in security research demonstrates Netflix's commitment to protecting its systems and products.

 

Santander Bank Hit by Massive Hack

Santander Bank has been hit by a massive hack, affecting all staff and 30 million customers, according to reports. The breach, which occurred via a supply chain attack, resulted in the theft of sensitive customer information, including personal data, credit card numbers, and account numbers and balances. The stolen database is being sold on the dark web by the ShinyHunters hacking collective for $2 million. While Santander has confirmed the breach, the extent of the damage is still unclear, with some reports suggesting that the number of affected customers may be lower than claimed.  


© 2025 iHeartMedia, Inc.