The largest collection of stolen passwords ever has been leaked to a notorious crime marketplace, according to cybersecurity researchers at Cybernews. This leak, dubbed RockYou2024 by its original poster “ObamaCare,” holds a file containing nearly 10 billion unique plaintext passwords. Allegedly gathered from a series of data breaches and hacks accumulated over several years, the passwords were posted on July 4th and hailed as the most extensive collection of stolen and leaked credentials ever seen on the forum. “In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world,” the researchers told Cybernews. “Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks.” Credential stuffing attacks are among the most common methods criminals, ransomware affiliates, and state-sponsored hackers use to access services and systems. Threat actors could exploit the RockYou2024 password collection to conduct brute-force attacks against any unprotected system and “gain unauthorized access to various online accounts used by individuals whose passwords are included in the dataset,” the research team said. This could affect online services, cameras and hardware This could affect various targets, from online services to internet-facing cameras and industrial hardware. “Moreover, combined with other leaked databases on hacker forums and marketplaces, which, for example, contain user email addresses and other credentials, RockYou2024 can contribute to a cascade of data breaches, financial frauds, and identity thefts,” the team concluded. However, despite the seriousness of the data leak, it is important to note that RockYou2024 is primarily a compilation of previous password leaks, estimated to contain entries from a total of 4,000 massive databases of stolen credentials, covering at least two decades. This new file notably includes an earlier credentials database known as RockYou2021, which featured 8.4 billion passwords. RockYou2024 added approximately 1.5 billion passwords to the collection, spanning from 2021 through 2024, which, though a massive figure, is only a fraction of the reported 9,948,575,739 passwords in the leak. Thus, users who have changed their passwords since 2021 may not have to panic about a potential breach of their information. That said, the research team at Cybernews stressed the importance of maintaining data security. In response to the leak, they recommend immediately changing the passwords for any accounts associated with the leaked credentials, ensuring each password is strong and unique and not reused across different platforms. Additionally, they advised enabling multi-factor authentication (MFA), which requires an extra form of verification beyond the password, wherever possible, to strengthen cyber security. Lastly, tech users should utilize password manager software, which securely generates and stores complex passwords, mitigating the risk of password reuse across multiple accounts.

Google Wallet can help you store your IDs, driving license, loyalty cards, concert tickets and more. You can also store your payment cards and use tap to pay to pay anywhere Google Pay is accepted. Google wallet is available in various countries but Google never launched it in India. Google let indian users stick with the Gpay which facilitates UPI payments. Tap to pay is not part of it. Also we can not store things such as IDs and Passes in indian version of Gpay. This might change and Google may launch Google Wallet in India. With the recent version of Google Wallet and Google Play Services, Google has added some flags and code which indicate that Google is working on something for Indian users regarding wallet. The first change I noticed recently when going through the Google Play Services apk was addition of two new flags Both flags are part of com.google.android.gms.pay package in the Google Play Services. This package contains all the flags for features of Gpay/Wallet. Google does server side flipping of flags to enable/disable features for users. So both these flags doesn't really provide any info about what features enabling these flags is going to bring. But the point here is that Google Wallet is not launched in India so why Google added these flags inside Play Services ? The answer could be that Google may be working on bringing Google Wallet to India. It can enable tap to pay, store payments and various other features for Indian users which we don't have in the current Gpay for India. I found similar flags in the analysis Google Wallet APK - These flags are also disabled by default. But this is again a clear indication of Google working towards something for Indian users. In both cases, enabling the flags doesn't bring anything noticeable UI or feature because there is nothing much added besides flags. Google has dogfood/testing versions internally, so the code will show up slowly in upcoming versions. The last piece of code I found is also from Google Play Services. In case you don't know, Google was working on Digilocker integration in the Google Files app which was supposed to bring your digital document inside the app such as driving license, COVID certificates, aadhar card. But Google has ditched the effort of bringing these features and they removed the "Important" tab (where digilocker was supposed to be integrated) from the Google Files app completely. So things are going to change and here is how. This is the code which I found in the Google Play Services - So the word "PASS" along with PAN, DRIVERS LICENCE, VACC CERTIFICATE & AADHAR CARD, is clear indication of the possibility of Google adding support for these directly through Google Wallet using Digilocker, just like Samsung Pass does it. This code is not old as I have checked older beta versions of Play Services where this code is not present. Here is a string which was added in a previous beta version a few weeks ago but I completely ignored it because it didn't make any sense without flags and the other code - This addition was surprising because there was nothing regarding digilocker before in the Play Services. In the words "pay_valuable", the "pay" to Wallet/Gpay and "valuable" refers to the things like Passes, loyalty cards and transit cards. Since we are talking about digilocker, these "valuable" are driving license, vaccination certificate, PAN card and Aadhar card which can be store in Google Wallet after digilocker integration. That's all about it. We will know more about it in upcoming app updates or maybe Google can itself annouce something about this.

U.S. and Australian officials said on Monday (July 8) that both countries are committed to improving financial connectivity in the Pacific and strengthening banking services in the region to resist China's growing covetousness. According to Reuters, at the two-day Pacific Banking Forum co-hosted by the United States and Australia, Australian Assistant Treasurer Stephen Jones said that Canberra hopes to be the partner of choice in the Pacific region, both in banking and defense. "If there are countries acting in this region whose main goal is to promote their own national interests rather than the interests of Pacific island countries, we will be very concerned," Jones said at the first day of the forum in Brisbane. He made this comment when asked about Chinese banks filling the vacuum in the Pacific region. The report said that as some Western banks have interrupted their long-standing business relationships with banks in small Pacific island countries, while others are preparing to close their businesses, these Pacific island countries face many challenges and their ability to obtain US dollar-dominated banking business is limited. The report said that experts said that Western banks are taking de-risking actions to meet financial regulations, which makes it more difficult to do business in Pacific island countries. This in turn weakens the financial resilience of these island nations. At the same time, Washington is also stepping up efforts to support Pacific island nations in limiting China's influence. Brian Nelson, U.S. Treasury Undersecretary for Counterterrorism and Financial Intelligence, said, "We recognize the economic and strategic importance of the Pacific region, and we are committed to deepening engagement and cooperation with our allies and partners to enhance financial connectivity, investment and integration." The report said that neither the United States nor Australia has yet announced detailed plans at the forum, but comments from officials from both countries reflect the growing unease among Western countries that have traditionally had influence in the Pacific region about China's growing influence in the region.

According to AndroidAuthority, the Linux kernel used by Android devices is mostly derived from Google's Android Universal Kernel (ACK) branch, which is created from the Android mainline kernel branch when new LTS versions are released upstream. For example, when kernel version 6.6 is announced as the latest LTS release, an ACK branch for Android15-6.6 appears shortly after, with the "android15" in the name referring to the Android version of the kernel (in this case, Android 15). Google maintains its own set of LTS kernel branches for three main reasons. First, Google can integrate upstream features that have not yet been released into the ACK branch by backporting or picking, so as to meet the specific needs of Android. Second, Google can include some features that are being developed upstream in the ACK branch ahead of time, making it available for Android devices as early as possible. Finally, Google can add some vendor or original equipment manufacturer (OEM) features for other Android partners to use. Once created, Google continues to update the ACK branch to include not only bug fixes for Android specific code, but also to integrate the LTS merge content of the upstream kernel branch. For example, the Linux kernel vulnerability disclosed in the July 2024 Android security bulletin will be fixed through these updates. However, it is not easy to distinguish a bug fix from other bug fixes, as a patch that fixes a bug may also accidentally plug a security vulnerability that the submitter did not know about or chose not to disclose. Google does its best to recognize this, but it inevitably misses the mark, resulting in bug fixes for the upstream Linux kernel being released months before Android devices. As a result, Google has been urging Android vendors to regularly update the LTS kernel to avoid being caught off guard by unexpectedly disclosed security vulnerabilities. Clearly, the LTS version of the Linux kernel is critical to the security of Android devices, helping Google and vendors deal with known and unknown security vulnerabilities. The longer the support period, the more timely security updates Google and vendors can provide to devices.

On July 8, local time, former British Prime Minister Sunak announced the appointment of the Conservative Party Shadow Cabinet, which is the first shadow cabinet of the Conservative Party in 14 years. Several former British cabinet members during Sunak's tenure as prime minister were appointed to the Conservative Party Shadow Cabinet, including James Cleverly as Shadow Home Secretary and Jeremy Hunt as Shadow Chancellor of the Exchequer. But former Foreign Secretary Cameron was not appointed as Shadow Foreign Secretary. In addition, the new leader of the Conservative Party will be elected as early as this week. On July 4, the UK held a parliamentary election. The counting results showed that the British Labour Party won more than half of the seats and won an overwhelming victory; the Conservative Party suffered a disastrous defeat, ending its 14-year continuous rule.