Data Privacy

Developer Exposes Major MacOS High Sierra Login Flaw    

A Turkish software developer recently took to Twitter and exposed one of the biggest security flaws to be discovered on MacOS. Lemi Orhan Ergin tweeted last Tuesday about a flaw that allows anyone to gain root access to computers running High Sierra just by entering the username “root” under Users & Groups, even without a password. Users with root access are able to take full control of the system, and it was previously thought that this was disabled by default on Apple systems. Ergin was criticized by a number of users for not disclosing the issue privately to Apple. However, […]

Top Secret Army, NSA Files Left Exposed on Amazon S3 Server

Earlier this week, security researchers from UpGuard found another unsecured S3 server that leaked sensitive files from a joint US Army and NSA agency. The server contained files from INSCOM marked TOP SECRET and NOFORN (NO FOReign Nationals). The researchers also found folders which indicated that the system was part of a cloud computing platform called Red Disk, which is in turn part of the Department of Defense’s “battlefield intelligence platform”. This comes several days after the discovery of another exposed S3 server that contained files from the Army’s CENTCOM and PACOM divisions. Source: Bleeping Computer

CIA Continues Partnership with Amazon Web Services to Boost Cloud Push

Earlier this week, the director of digital futures at the CIA’s Directorate of Digital Innovation affirmed the agency’s push towards cloud computing, stating that the bureau has “overachieved” in its efforts to leverage the technology. Speaking at the Public Sector Breakfast at AWS re:Invent in Las Vegas, Teresa Smetzer said that adopting cloud computing 4 years ago was a risky move that paid off. She added that it allowed the agency to keep up with the pace of the commercial industry. She also revealed that AWS’s Secret Region, which went live last week, now allows all 16 agencies to interoperate […]

Chinese Nationals Charged for Corporate Espionage in the US

Last Monday, US prosecutors charged three Chinese hackers for infiltrating a number of US and international companies. According to the Department of Justice, Wu Yingzhuo, Dong Hao, and Xia Lei hacked the systems of firms including Siemens, Moody’s Analytics, and Trimble to steal trade secrets for the purposes of gaining commercial advantage. The trio, who were employees of Internet security firm Guangzhou Bo Yu Information Technology (Boyusec), are said to have worked with other unidentified conspirators in launching cyberattacks that used spear phishing emails with attachments that deploy malware. Source: ZDNet

Over 300 Android Apps Embedded with Trackers

Earlier this week, a study conducted by the Yale Privacy Lab and Exodus Privacy identified around 300 Android apps embedded with invasive trackers which record user activity without user consent. The researchers found tracking scripts not only in lesser-known apps, but also in highly popular apps such as Uber, Twitter, Tinder, Soundcloud, and Spotify. While some of the trackers, such as Google’s Crashlytics, collect only crash reports, a number of others collected sensitive data such as user details and app usage info. The study said that the issue is also likely to be present in iOS. A list of […]

Imgur Confirms 2014 Breach Involved Email Addresses, Passwords

One of the world’s largest image sharing sites, Imgur, has recently confirmed that around 17 million email addresses and passwords were compromised when it got hacked in 2014. The website learned of the breach only on Thursday last week, when Troy Hunt of “Have I Been Pwned” informed them. The company reset account passwords right after and issued a public disclosure to alert affected users of the hack. They also added that no personal information was compromised since users aren’t asked to provide any when they sign up. Hunt said that the company’s response had been exemplary, considering they were […]

Uber Admits to Informing Softbank of Breach Before Going Public

Last Thursday, Uber revealed that it had told Softbank of the breach prior to disclosing it to the public. The Japanese company is currently in talks with the ride-hailing firm in a deal that would amount to as much as $10 billion, effectively buying out existing shareholders. Uber said in its statement that it had a duty to inform Softbank, which was a potential investor, even though the information they had at the time was still incomplete. Uber added that they only went public after completing the forensic investigation, which gave them a more complete understanding of the facts. […]

EU Regulators May Create Task Force for Coordinated Uber Hack Investigation

According to the Article 29 Working Party, EU privacy regulators are set to discuss Uber’s data breach issue on Nov. 28 and 29, and are expected to form a task force to coordinate national investigations. The ride-hailing firm will be facing heavy regulatory scrutiny after CEO Dara Khosrowshahi admitted that the company paid a $100,000 ransom to hackers to keep the breach secret for around a year. Regulators have already expressed their concerns strongly on the breach. The British data regulator said that Uber’s coverup put into question the company’s data policies and ethics. Italian Data Protection Authority head Antonello […]

Two New Lawsuits Filed Against Uber for 2016 Breach

Within only 48 hours of Uber’s breach disclosure, two separate class-action lawsuits had already been filed against the company in the state of California. One of the cases, which was filed in Los Angeles, Alejandro Flores v. Rasier, alleged that Rasier, Uber’s subsidiary, had been “grossly negligent” and “departed from all reasonable standards of care”. Another lawsuit filed in San Francisco, Danyelle Townsend and Ken Tew v. Uber, stated that Uber should have had the necessary safeguards in place to protect the plaintiffs’ personally identifiable information. Source: Ars Technica

China’s App Stores Drop Skype

According to Reuters, Microsoft’s Skype app had been removed from several app stores in China, including Apple’s, as of Wednesday morning. The app may have been dropped earlier, as Apple revealed late last Tuesday that they had to pull the app from their China app store after being notified by the Ministry of Public Security, who found the VOIP app to be in violation of local laws. App store platforms Tencent Holdings Ltd. and Qihoo 360 Technology, as well as Microsoft and the Cyberspace Administration of China, have not yet issued comments on the matter. In this year alone, […]

Read more about the Data Privacy practice at Disini & Disini Law Office