Cybersecurity researchers have claimed financial technology firm Miio, which offers mobile telecoms and financial services to customers in Mexico, has suffered a huge data leak, exposing up to three million Know Your Customer (KYC) files.
Findings from Cybernews say the files were reportedly unguarded for at least several months, and contained files dating back to 2017, when the company was started. This strongly suggests that all Miio customers were impacted, with 2.9 million scans of various KYC documents found, including passports and IDs, driver’s licenses, and customer pictures.
There’s no evidence yet that malicious actors accessed the data, but since researchers were able to access it, it's probable others have too. Government-issued identifications are incredibly valuable to attackers, since they can facilitate identity theft and fraud.
Unaware or unwilling
The researchers discovered the leak on September 12, 2024, and an initial disclosure notice was sent on October 2, and the storage bucket has now been open for at least three months. The researchers’ attempts to reach out have been ‘met with silence’.
If the KYC documents have fallen into the wrong hands, attackers could open bank accounts, apply for loans, or take out credit cards in the victims’ names.
With the type of ID documents found and the customer selfies for verification, researchers warn that this could enable hackers to take over existing customer accounts, so victims should be ultra-vigilant in the coming months.
“In the context of Miio’s role as a telcobank serving a wide base of customers, such a leak would undermine trust in their ability to safeguard sensitive data, exposing their users to severe financial and personal risks,” the researchers said.
The official numbers are in: 2024 is the hottest year on record. Climate change is the main culprit. But there might be something else going on, too.
NATO is reportedly developing a satellite-based backup for global internet communications to address vulnerabilities exposed by recent undersea cable disruptions.
The project, known as HEIST (hybrid space-submarine architecture ensuring infosec of telecommunications), comes in response to the February 2024 incident when the cargo ship Rubymar, struck by a Houthi missile attack, dragged its anchor across the Red Sea floor, severing three fiber-optic cables.
A report by IEEE Spectrum claims these cables carried about a quarter of all internet traffic between Europe and Asia, forcing data rerouting and highlighting the fragile nature of global internet infrastructure.
Ready for testing
Over 95% of intercontinental internet traffic relies on undersea fiber-optic cables, with more than 1.2 million kilometers of them stretching across the planet. These thin cables lie unburied across deep-sea floors, making them vulnerable to accidental damage and sabotage.
The Rubymar incident was unintentional, but Western officials have evidence of deliberate undersea cable sabotage by state actors, such as Russia and China. NATO has already announced plans to prevent this happening in the future using undersea drones.
HEIST aims to address such threats by ensuring critical internet pathways remain operational even when fiber lines are compromised.
The project has two key objectives: to rapidly detect cable damage and precisely locate breaks, and to expand the capacity to reroute data through alternative channels, including satellites. The focus will be on diverting high-priority data to satellites, reducing reliance on vulnerable seabed cables.
The project will begin testing in 2025 at the Blekinge Institute of Technology in Sweden. Researchers from multiple countries, including the US, Sweden, Iceland, and Switzerland, will work to develop faster break detection systems capable of pinpointing damage with accuracy to within one meter.
The researchers will also explore satellite-based failsafes using higher-bandwidth laser optics, which can transmit far more data than current radio-based satellite systems.
While satellite throughput is limited compared to fiber, the HEIST team is focusing on expanding bandwidth through technologies like infrared lasers, already in use on Starlink satellites.
Although no single solution currently exists, NATO’s goal is to create a diverse and resilient network, ensuring secure global communications in emergencies.
U.S. employers added more than a quarter-million jobs in December, according to the Labor Department. That's far more than forecasters were expecting.
Meta has awarded cybersecurity researcher Ben Sadeghipour a bug bounty of $100,000 after he discovered a security vulnerability on Facebook’s ad platform in October 2024.
The flaw allowed Sadeghipour to run commands on the internal Facebook server which housed the platform, giving him control of the server.
According to Sadeghipour, the unpatched bug allowed him to hijack the server using a headless Chrome browser, which is a version of the browser users run from the computer’s terminal, to interact with Facebook’s internal servers directly.
Part of wider research
The flaw in the platform was connected to a server that Facebook used to create and deliver ads, which was vulnerable to a previously fixed flaw found in the Chrome browser, which Facebook uses in its ad system.
Sadeghipour told TechCrunch online advertising platforms are attractive targets because “there’s so much that happens in the background of making these ‘ads’ — whether they are video, text, or images.”
“But at the core of it all it’s a bunch of data being processed on the server-side and it opens up the door for a ton of vulnerabilities,” Sadeghipour said.
The researcher confirms he didn’t test out everything he could have once he was inside the server, although “what makes this dangerous is this was probably a part of an internal infrastructure.”
After reporting the vulnerability to Meta, the bug took just an hour to fix, Sadeghipour said, noting his discovery was part of ‘ongoing research on a specific application with a specific purpose’. This flaw in particular took him a few hours to identify, but Meta worked with him to quickly patch the bug and offered a bounty that was ‘way beyond’ expectations, he confirmed in a LinkedIn post.
Bug bounties have been on the rise recently, with Google drastically increasing its rewards for researchers who participate in the program, so security research is getting more lucrative.
There's no shortage of wireless mics for content creators in 2025, with the likes of the DJI Mic Mini and the Rode Wireless Micro being two fine examples. So how is it possible to stand out in an increasingly saturated market? By being practically invisible, as it turns out.
The new Hollyland Lark M2S has a feature set to rival the DJI Mic Mini, but with the design that DJI wishes it had: the Lark M2S is not only the smallest wireless mic we've seen yet when clipped to clothing, but it's also logo-free.
A discreet and logo-free mic that weighs a mere 7g and won't tug on clothing is a win in our book – too many wireless mics are all too visible in content that floods social media. You only have to look at the wireless mics we use on TechRadar's TikTok channel to appreciate where we're coming from.
Just because the Lark M2S is tiny, however, that doesn't mean that Hollyland has scrimped on features. You get smartphone-beating 24-bit audio, a single push environmental noise cancellation feature (ENC), a 70dB signal-to-noise ratio (SNR), plus a 116dB maximum Sound Pressure Level (SPL).
Battery life is rated at up to 9 hours of record time for each mic, which can be extended with the charging case to 30 hours, while the maximum transmission range is up to 300m.
Those are solid specs for a wireless mic system that can be purchased as a kit comprising two transmitters (mics), two receivers (a basic one for USB-C smartphones, the other for cameras with a 3.5mm port), plus charging case, for just $139 / £130 – that's a fraction less than the Mic Mini. Oh, and a Lightning cable for older iPhones is chucked in for good measure – see all that's included in the Max combo in the image above.
The best of both DJI and Rode in a single package?
So how does the Hollyland Lark M2S stack up against DJI and Rode rivals? Specs-wise, favorably; it seemingly offers the best of both the DJI Mic Mini and Rode Wireless Micro models in a single package.
You get a small receiver for use with smartphones and a larger one with manual controls for use with cameras. Rode's package only offers the former and only works with smartphones, while DJI's only offers the latter which works with both cameras and phones, but is clunky when attached to a smartphone.
We can't comment on the actual audio quality of the Lark M2S yet, but our in-depth review is in the pipeline so do look out for that. What we can say off the bat is that the Lark M2S design and overall package looks stellar. You can pre-order now using the links above.
As fire crews and air tankers work to block the wildfires' explosive growth, images of red clouds of fire retardant falling onto trees are common. What is it — and what's in it?
Like many world-changing events, new applications of existing technology can lead to some interesting concepts. For example, the Covid-19 pandemic led to the creation of masks featuring audio components. The controversial Razer Zephyr had external speakers, will.i.am’s Xupermask Honeywell collaboration had earbuds, and there was Dyson's air purifier mask headphones combo, of course. Once the pandemic and the lockdown eventually concluded, the idea of wearable air filtration devices with audio listening devices sorta died down.
That idea is being revived by Ible, which is a Taiwanese company established in 2015. The company is currently known for its Airvida line of wearable air purifiers that look like necklaces. During CES 2025, Ible revealed its upcoming E1 & T1 wireless earbuds that double as air purifiers. Users can listen to music and take phone calls while the purifiers claim to provide something akin to an invisible face mask.
Though I couldn’t personally test the hardware, I visited the booth and spoke to the company, and both of these audio devices offer a different glimpse into the future where the best earbuds are health devices too, which is becoming more and more of a thing.
The Airvida E1 is a pair of neckband earbuds that merges a 25dB noise cancellation with an ionic air purifier. Weighing just 42 grams, the device is connected through Bluetooth and provides eight hours of battery life with audio or over 30 without audio. The device is charged through a magnetic charging cable. When it comes to sound quality, the E1 uses 13mm dynamic driver and multi-layer composite diaphragm for rich sound and robust bass.
Interestingly, it can be used as a desktop purifier when used with a stand, too. The Airvida Connect app offers real-time air quality updates, pollen alerts, and adjustable ion levels. This device claims to achieve 99.9% removal of PM2.5 particles and pollen allergens, along with 99.7% efficacy against Influenza A and SARS-CoV-2 viruses.
Meanwhile, the T1 looks to be the world’s first wearable ionic air purifier integrated with noise-cancelling earbuds. Like the T1, the audio device hopes to provide 99.9% protection against air pollutants, allergens, and viruses, while delivering superior sound quality with active noise cancellation and Bluetooth 5.3 connectivity.
Weighing 9.5g per earbud, they're certainly hefty – something like AirPods Pro 2's buds weigh around 5g – and the battery life is fairly low at five hours of music (or around 24 hours for air purification). The USB-rechargeable charging case offers three charges for extended use.
Still, 9.5g is light (and small) for an air-purifying solution, so we can forgive that. Generating over 30 million negative ions per cm³, it promises to effectively clean the air around the facial area. It comes with replacement earbud tips in three sizes, and two color options: Space Black and Pearl White. Aiming to be serviceable for various environments, it operates efficiently in temperatures from 0°C to 40°C and relative humidity of 30–85%.
Both E1 and T1 earbuds blend innovative air purification with advanced audio technology, and I hope they can live up to their claims and prove useful for people with respiratory issues, allergies or those attempting to avoid germs – and that the music can hold up too. What's the point in breathing more clearly if the sound doesn't put you in the mood to belt out some tunes?
Cybersecurity researchers from Check Point Research recently uncovered a new version of the Banshee infostealer, capable of bypassing Apple’s built-in malware protection to grab sensitive data.
Banshee is a macOS-focused malware which emerged in mid-2024, designed to extract sensitive information such as system details, browser data, and cryptocurrency wallet information. Initially sold as a stealer-as-a-service for $3,000 per month, its source code was leaked in November 2024, leading to its broader dissemination.
Despite the operation being shut down, Banshee lived on, both developed and distributed by various hacking collectives.
Distribution through GitHub
Now, the new version seems to be somewhat more dangerous, and is most likely built by a different threat actor. According to the researchers, Banshee now uses string encryption from Apple’s XProtect, allowing it to blend with normal device operations and avoid being detected. XProtect is macOS's built-in antivirus system that identifies and blocks known malware using regularly updated signature-based detection.
Furthermore, it no longer avoids Russian users, which could signal that it was built by a different team. This latest campaign seems to have started in September 2024, and continued unobserved for roughly two months.
While it is impossible to know exactly how many devices are infected with Banshee, we do know that it’s being distributed via GitHub repositories. Threat actors are impersonating legitimate software, and are betting on software developers being careless when downloading content from the open-source platform.
Check Point says that the same operators are also going after Windows users, but through Lumma Stealer, not Banshee. The researchers also stressed that macOS continues to gain popularity, thus becoming an increasingly attractive target.
“Despite its reputation as a secure operating system, the rise of sophisticated threats like the Banshee MacOS Stealer highlights the importance of vigilance and proactive cyber security measures,” they concluded.
Via BleepingComputer