Plus, an airline hack, an Apple bug, media protection in Europe, and a $35 million security penalty.
This week, in one of the biggest leaks in videogame history, a GTAForums user by the name of “teapotuberhacker” posted 90 videos from a test build of Grand Theft Auto 6. Gameplay scenes include a waffle shop robbery, some Vice City locations, and two playable characters. The clips have been shared and eventually made their way onto YouTube, Twitter, Reddit, and other sites. The hacker also claims to have stolen GTA 5 and 6 source code. “According to the information available,” said Avast Security Evangelist Luis Corrons, “the attacker belongs to the criminal group Lapsus$, known for compromising big tech companies such as Microsoft, Nvidia, Samsung, and, more recently, Uber. This group suffered a number of arrests a few months back, but it is clear some of their members are still at large. Hopefully not for long.” Rockstar Games confirmed the hack, and the FBI continues to investigate. For more on this story, see PC Gamer. Apple says it will be releasing a fix next week for a bug in iPhone 14 Pro and Pro Max models where the footage taken with the rear camera shakes uncontrollably when used in conjunction with a third-party platform, such as Snapchat or TikTok. “We’re aware of the issue and a fix will be released next week,” an Apple spokesman told CNN. With a starting price of $999, the Pro models feature the first 48 MP camera as well as several other new features. The devices are in such high demand that Apple had to reduce production of its standard iPhone 14 in order to make more Pro models, according to recent tweets from an Apple analyst. Last week, the European Commission adopted the European Media Freedom Act, a set of rules focused on protecting independent media in the EU. The Act prevents government entities from interfering in editorial decisions, safeguards against surveillance, and creates a new independent European Board for Media Services, to be filled with national media authorities. It puts a focus on the stable funding of public service media and requires the transparency of media ownership and the allocation of state advertising. Read the full press release for more details. On Tuesday, Morgan Stanley agreed to pay $35 million to the Securities and Exchange Commission (SEC) as penalty for data security lapses including the improper disposal of thousands of hard drives containing customer data. Some of the hard drives were resold on auction websites without the data having been wiped first. According to the SEC, data for 15 million customers was exposed in what was an “extensive failure” over a five-year period. The security lapses were first discovered when an IT consultant in Oklahoma contacted Morgan Stanley to say he had just purchased a drive that happened to have their customers’ data on it. Get the full story at Ars Technica. In a “Notice of Security Incident” sent to employees, American Airlines acknowledged a cyberattack that put their team members’ personal information at risk. “The personal information involved in this incident may have included your name, date of birth, mailing address, phone number, email address, driver’s license number, passport number, and/or certain medical information you provided,” the disclosure read. An American Airlines senior manager commented that the breach began with a phishing campaign that resulted in the exposure of “a very small number of customers’ and employees’ personal information.” For more, see Cyberscoop. Roughly a third of all connected medical devices have insecure defaults, such as no or weak password protection or poor software design, that make them ripe for exploits. Here's what you can do to keep your medical devices safe.Shaky-cam bug in iPhone 14 Pro
European Media Freedom Act safeguards independence
Morgan Stanley pays $35M security penalty
American Airlines hack exposes employee data
This week’s must-read on the Avast blog