Prisma/Channel

2020-08-07 09:03:55 A massive data breach at Intel has leaked over 20GB of source codes, internal documents, images and other internal and confidential files.

Some of the files were stored in password-protected ZIP-archives with passwords intel123 and Intel123

Most recent files in the dump are dated May 2020. Open / Comment

2020-04-02 12:40:48 Marriott had a breach again, leaking info on 5.2M customers. Database security can't be neglected, this events will happen more and more, on a larger scale and with more expensive consequences.

https://www.zdnet.com/article/marriott-discloses-new-data-breach-impacting-5-2-million-hotel-guests/ Open / Comment

2020-03-27 13:20:05 ProtonVPN found a bug in iOS implementation of VPN affecting iOS 13.3.1 and later. The issue is currently unpatched and causes some connections to bypass VPN. Stay safe!

https://www.bleepingcomputer.com/news/security/unpatched-ios-bug-blocks-vpns-from-encrypting-all-traffic/ Open / Comment

2020-03-27 12:22:57 #FridaySecurity Open / Comment

2020-03-19 13:20:22 Socially responsible hackers claim to cease all ransomware attacks on medical organizations during the virus outbreak and promise to provide free decryption if any of them still get hit by ransomware.

https://www.bleepingcomputer.com/news/security/ransomware-gangs-to-stop-attacking-health-orgs-during-pandemic/ Open / Comment

2020-03-18 11:38:19 This should have been a Friday post. German military laptop with classified information sold on eBay.

https://www.nytimes.com/2020/03/17/world/europe/germany-missile-laptop.html Open / Comment

2020-03-14 11:35:06 HSBC is switching from paper trail to a blockcahin-based custody platform to track $20 billion (sic!) worth of assets. This is the biggest single use of blockchain tech in the industry.

https://www.reuters.com/article/us-hsbc-hldg-blockchain/hsbc-swaps-paper-records-for-blockchain-to-track-20-billion-worth-of-assets-idUSKBN1Y11X2 Open / Comment

2020-03-13 11:42:53 Google started Project Nightingale to collect healthcare data on millions of people. What can go wrong?

https://edition.cnn.com/2019/11/12/tech/google-project-nightingale-federal-inquiry/index.html Open / Comment

2020-03-12 11:45:37 Some good ol' data leaks that happened recently:

140GB of contact data (49M records) — Israel marketing company left ElasticSearch creds in plaintext on one of the domains: https://www.databreachtoday.com/israeli-marketing-company-exposes-contacts-database-a-13785
6.5M records of Israeli voters leaked: https://thehackernews.com/2020/02/Israeli-voter-data-leaked.html
250M records of Microsoft customers leaked in yet another ElasticSearch misconfiguration: https://www.comparitech.com/blog/information-security/microsoft-customer-service-data-leak/
29K records of Facebook employees' financial data lost as unencrypted drives are stolen: https://www.bloomberg.com/news/articles/2019-12-13/thief-stole-payroll-data-for-thousands-of-facebook-employees
21M account records from a music service Mixcloud leaked; owners learn about breach after seeing the data being sold for 0.5BTC: https://blog.mixcloud.com/2019/11/30/mixcloud-security-notice/
4B (!) accounts of 1.2B (!) people in a 4TB (!) misconfigured ElasticSearch leak: https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/
1.19B confidential x-ray and other medical images leak: https://www.helpnetsecurity.com/2019/11/20/confidential-medical-images/ Open / Comment

2020-03-12 09:09:26 Major bug in Avast JS engine that allowed to execute arbitrary JS code with SYSTEM privileges as easy as just sending a malicious file to the victim in an email.

The patch is not ready yet (and no timeline given so far) but the compromised component is allegedly disabled in Avast installations.

Generally, for end-user machines with Windows 10, 3rd party AV software gives little to none advantage over the built-in Defender. Consider switching to Defender at least temporarily until the patch is ready.

More info: https://www.zdnet.com/article/avast-disables-javascript-engine-in-its-antivirus-following-major-bug/ Open / Comment