darkfeed.io has published material the LockBit Group provided to proof their hack of the Accenture Network. At first glance, it looks huge and worrying. Social media response at this time appears to acknowledge the proof.
Clubhouse. Das war diese App, die vor einem halben oder ganzen Jahr so unglaublich gehyped worden ist. Man kam nicht rein, das war Invite Only. Man kam nicht von alleine rein, cool waren nur die, die drin waren. Alle in meiner Bubble hatten FOMO, Fear Of Missing Out.
Diesen menschlichen Effekt haben vor 15 Jahren schon Facebook und Google mit seinem Mail Produkt sehr erfolgreich bedient. Das Ergebnis war, dass JEDER unbedingt eine Einladung wollte. Und mit Erhalt der gleichen wirklich äußerst bereitwillig Ihre Adressbücher freigegeben haben.
Für die Experience.
Zwischenzeitlich kann man verbale Ansprachen auch auf Twitter halten und kein Hahn kräht mehr nach Clubhouse.
Trotzdem sind der App jetzt 3,8 Milliarden Telefonnummern weggekommen. Und so wies aussieht seid Ihr auch dabei, wenn Ihr jemanden kennt, der das damals toll fand.
Just in time for Xmas, Facebook dropped a huge package of user data.
More than 260 million U.S. Facebook users’ IDs, phone numbers, and names were exposed to an online database that could potentially be used for spam and phishing campaigns. Comparitech reports that before the database was taken down, it was found on a hacker forum as a downloadable file.
Again, it’s Facebook, that made news with a data breach. TechCrunch reported first about midnight Euroean time, but it’s all over the news by today, noon. It’s time to realize social media is a mistake.
Earlier this week, it became public that Capital One was victim to a privacy leak, affecting more than 100 million of their customers. News revealed details about the source of the attack, that apparently an individual conducted and bragged about it publicly.
Now, a few days later and more facts known, the always excellent Krebs on Security blog offers some lessons learned from the incident. It has good statements from Netflix, CloudFlare, DisruptOS and AWS personnel, including citations about the involvement of IAM, EC2 and WAF. In particular, it points out mitigations that AWS recommends in response to Server Side Request Forgery (SSRF).
Interesting is the conclusion that Rich Mogull comes to, that the industry is facing a major gap in skills, related to this kind of cloud security. Basic skill and availability thereof has always been a major gap in the entire industry. Only with the arrival of cloud it becomes more sparse. Mostly, because corporations maintain both their existing data centers and new cloud infrastructure, leaving out on the opportunity to become more secure in the cloud.
In today’s edition of privacy related topics, it is Google that apparently stored customer passwords in plaintext. Google didn’t disclose which (enterprise) customers have been affected, but was clear that improper access is out of question. With this recent incident, Google joins ranks of Facebook, Instagram, but also Twitter and LinkedIn.
Google says it discovered a bug that caused some of its enterprise G Suite customers to have their passwords stored in an unhashed form for about 14 years.
Another week, another Facebook leak. This time an Instagram dataset with apparently scraped profile information was found online.
A massive database containing contact information of millions of Instagram influencers, celebrities and brand accounts has been found online. The database, hosted by Amazon Web Services, was left exposed and without a password allowing anyone to look inside. At the time of writing, the database had over 49 million records — but was growing by […]
It appears Salesforce was shutting down its services May 17th 2019. Reason was a faulty configuration of scripting options, that allowed users to access to all their company’s Salesforce data. To prevent worse, Salesforce shut down.
Salesforce said the script only impacted customers of Salesforce Pardot – a business-to-business (B2B) marketing-focused CRM.
However, out of an abundance of caution, the company decided to take down all other Salesforce services, for both current and former Pardot customers.
Meanwhile, another flaw from the Facebook universe. While it appears it’s not immediately related to data leakage, it gives great potential to 3rd parties, though. On the upside, nobody will attribute it to Facebook this time.
It’s a good opportunity to point out and recommend the alternatives to Whatsapp, in particular Signal and Threema.
A WhatsApp vulnerability left Android and iOS devices open to attack from sophisticated surveillance software. The Facebook-owned company said it hasn’t yet been able to determine how many people were impacted, and told users to ensure they’re running the latest version of the app.