A consumer thread

@everyone

(CNN) - Some flavors of International Delight coffee creamer are being recalled after reports of illness and spoilage.

The Food and Drug Administration is removing more than 75,000 bottles of International Delight coffee creamer from the shelves. The voluntary recall applies to two flavors: hazelnut and Cinnabon classic cinnamon roll.

Consumers are advised to immediately throw these creamers away.

The FDA is removing more than 75,000 bottles of International Delight coffee creamer from the shelves. (Source: International Delight via CNN)

The FDA says International Delight’s parent company initiated the recall after receiving complaints of spoilage and illness. It’s unclear how many people became sick.

The creamers were shipped to more than 30 states, including Alabama, Arkansas, Colorado, Connecticut, Florida, Georgia, Illinois, Indiana, Kentucky, Louisiana, Maryland, Maine, Michigan, Minnesota, Missouri, Mississippi, North Carolina, Nebraska, New Hampshire, New Jersey, New Mexico, New York, Ohio, Oklahoma, Pennsylvania, South Carolina, Tennessee, Texas, Virginia, Wisconsin and Wyoming.

The recalled hazelnut creamer comes in 32-fluid-ounce bottles with a UPC code of 0 41271 02565 2. It has a best by date of July 2.

Some flavors of International Delight coffee creamer are being recalled after reports of illness and spoilage. (Source: International Delight via CNN)

The recalled Cinnabon classic cinnamon roll creamer comes in 32-fluid-ounce bottles with a UPC code of 0 41271 01993 3. It has a best by date of July 3.
 
@everyone

Federal authorities are warning users of Gmail, Outlook, and other popular email services about dangerous ransomware linked to a group of developers who have breached hundreds of victims' data, including people in the medical, education, legal, insurance, tech, and manufacturing fields.

The ransomware variant is called "Medusa." It was first identified in June 2021, the Cybersecurity and Infrastructure Security Agency (CISA) and FBI announced on March 12.

"This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors," the agencies said. "These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware."




As of February 2025, the cyber attacks have impacted more than 300 victims, according to the agencies. The Medusa developers normally recruit access brokers and pay them between $100 and $1 million to work for them, and these affiliates will use common techniques to breach the data of potential victims, such as phishing campaigns and exploiting unpatched software vulnerabilities, the FBI and CISA said.

Here is what to know about the ransomware, including who is allegedly behind the attacks and how people can protect their data.



Symantec: Group operating ransomware identified as Spearwing

A March 6 blog post by Symantec, a brand of enterprise security software, says a group called Spearwing is operating the ransomware.




"Like the majority of ransomware operators, Spearwing and its affiliates carry out double extortion attacks, stealing victims’ data before encrypting networks in order to increase the pressure on victims to pay a ransom," Symantec's blog post says. "If victims refuse to pay, the group threatens to publish the stolen data on their data leaks site."

According to Symantec, Spearwing has victimized hundreds of people since the group first became active in early 2023. The group has around 400 victims on its data leaks site, and the true number is likely much higher, the blog post says.

The ransoms demanded by Spearwing using the Medusa ransomware have ranged from $100,000 up to $15 million, according to Symantec. In addition to gaining access to victims' networks, the group is also hijacking legitimate accounts, including those of healthcare organizations, the blog post says.

"In several of the Medusa attacks observed by Symantec it wasn’t possible to definitively determine how the attackers had gained initial access to victims’ networks, meaning an infection vector other than exploits could have been used," according to the blog post.

How can people protect themselves from Medusa ransomware?

To mitigate Medusa ransomware, the FBI and CISA are recommending that people:




  • Develop a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location. For example, hard drives, storage devices and the cloud.
  • Require all accounts to have password logins. Employees of companies should use long passwords, which should be frequently changed.
  • Require multifactor authentication for all services, particularly for webmail, virtual private networks, and accounts that access critical systems.
  • Make sure all operating systems, software, and firmware are up to date.
  • Segment networks to prevent the spread of ransomware.
  • Identify, detect, and investigate odd activity and potential passage of the indicated ransomware with a networking monitoring tool.
  • Require VPNs or Jump Hosts for remote access.
  • Monitor for unauthorized scanning and access attempts.
  • Filter network traffic by stopping unknown or untrusted origins from accessing remote services on internal systems.
  • Disable unused ports.
  • Keep offline backups of data and regularly maintain backup and restoration.
  • Make sure all backup data is encrypted and inflexible.
 
I don't Alexa. Now, I'm not going to Alexa even harder:


Amazon Echo users concerned about their privacy might have something else to worry about on March 28. That's the date when supported devices will lose the option to store and process Alexa requests locally, ensuring that all voice recordings are sent to the cloud.

An email that Amazon sent to customers confirms that the Do Not Send Voice Recordings feature they enabled on supported Echo devices will soon no longer be available.

The message explains that the change is necessary following the introduction of a generative AI-powered version of its popular Alexa assistant last month. Alexa+, powered by large language models from Amazon Bedrock, will be free for all Prime members...

Amazon removes privacy option, all Alexa recordings will now go to the cloud
 
For those of you who got suckered into using this company, my condolences. You might want to look into finding out if there's any way to get your data removed from the company's memory banks. Given the "hack" the company suffered, that might be a bit of door closing once the horse is already gone out of the barn, but it's still probably worth looking into, even if it's just to get more information on the situation:


Genetics testing company 23andMe has filed for Chapter 11 bankruptcy protection in the U.S. to initiate the sale of its assets. Alongside the announcement, the company’s co-founder and CEO Anne Wojcicki separately said she is leaving the company to become an independent bidder for the company.

“After a thorough evaluation of strategic alternatives, we have determined that a court-supervised sale process is the best path forward to maximize the value of the business,” Mark Jensen, chair and member of the Special Committee of the Board of Directors, said in a statement.

“We expect the court-supervised process will advance our efforts to address the operational and financial challenges we face, including further cost reductions and the resolution of legal and leasehold liabilities. We believe in the value of our people and our assets and hope that this process allows our mission of helping people access, understand, and benefit from the human genome to live on for the benefit of customers and patients.”...

DNA testing company 23andMe files for bankruptcy protection, CEO resigns






Calif. AG issues stark warning to 15 million 23andMe users as bankruptcy looms: ‘Delete your data’
 
I've always been intrigued by genealogy and thought about getting this test done, but then I said I thought to myself, do I really want the government to have access to my DNA? I didn't even get to the point of thinking about hackers, but I'm glad I decided not to do this.
 