IT Security Newsletter - 10/27/2020
Amazon sacks insiders over data leak, alerts customers
Amazon has recently terminated employees responsible for leaking customer data, including their email addresses, to an unaffiliated third-party in violation of company policies. The company has sent out an email announcement to affected customers following the incident. Over the weekend, reports emerged on Twitter of multiple Amazon customers perplexed by the email alerts being sent out by the company describing the data leak. The key concern was if this was an isolated incident targeting the particular customer who had received the email. READ MORE...
Massive Nitro data breach impacts Microsoft, Google, Apple, more
A massive data breach suffered by the Nitro PDF service impacts many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank. Claimed to be used by over 10 thousand business customers and 1.8 million licensed users, Nitro is an application used to create, edit, and sign PDFs and digital documents. As part of their service offering, Nitro offers a cloud service used by customers to share documents with coworkers or other organizations involved in the document creation process. READ MORE...
Swedish Authorities, Banks Hit by Security Data Leak: Report
Details of bank vault floor plans, alarm systems and the security arrangements for Swedish authorities have been leaked online after a security company was hacked, local media reported Tuesday. A total of 19 gigabytes of information and around 38,000 files were stolen from security group Gunnebo by one or more hackers in August, according to newspaper Dagens Nyheter. "It's of course unfortunate that we've had a theft of data," Gunnebo CEO Stefan Syren was quoted as telling the paper. READ MORE...
Some Ballot Requests May Be Affected by County Cyber Attack
A hacker attack against an upstate New York county's computer system raised concern that some emailed absentee ballot applications may not be processed, but the state Board of Elections said voting won't be affected overall. The cyber attack on Oct. 18 encrypted about 200 computers operated by Chenango County and hackers demanded ransom of $450 per computer to unlock the files, Herman Ericksen, the county's information technology director, said Monday. "We are not paying the ransom," he said. READ MORE...
Google Boots 21 Bogus Gaming Apps from Play Marketplace
Android apps packed with malware from HiddenAds family downloaded 8 million times from the online marketplace. Researchers have discovered a raft of malicious gaming apps on Google Play that come loaded with adware, signaling that the tech giant continues to struggle with keeping bad apps off its online marketplace. Twenty-one gaming ads discovered on Google packed with adware from the HiddenAds family were downloaded about 8 million times so far, according to new research Avast. READ MORE...
A new threat matrix outlines attacks against machine learning systems
A report published last year has noted that most attacks against artificial intelligence (AI) systems are focused on manipulating them (e.g., influencing recommendation systems to favor specific content), but that new attacks using machine learning (ML) are within attackers' capabilities. Microsoft now says that attacks on machine learning (ML) systems are on the uptick and MITRE notes that, in the last three years, "major companies such as Google, Amazon, Microsoft, and Tesla, have had their ML systems tricked, evaded, or misled." READ MORE...
Flaws in Winston Privacy Devices Can Expose Networks to Remote Attacks
Researchers say they've uncovered a series of potentially serious vulnerabilities in devices made by online privacy firm Winston Privacy. The vendor has released patches that are automatically being sent to devices. Winston Privacy provides a hardware-based service designed to boost online privacy and security. The company says it can block online surveillance, accelerate browsing, and block ads and trackers, and it also advertises its services as an alternative to traditional VPNs. READ MORE...
- ...in 1809, President James Madison orders the annexation of the western part of West Florida. Settlers there had rebelled against Spanish authority.
- ...in 1904, The New York subway officially opens running from the Brooklyn Bridge uptown to Broadway at 145th Street.
- ...in 1923, pop artist Roy Lichtenstein, famous for painting large-scale reproductions of comic book panels and newspaper ads, is born in New York City.
- ...in 1988, US President Ronald Reagan decides to tear down a new US Embassy in Moscow because Soviet listening devices were built into the structure.