May it be the week of lists

I usually don't like to group items too much, because it cheats the "don't put too many items in one issue" rule I have. But there was just a lot of related news this week to group. So, sorry ^^ There's a few regular items in here too though.

Dieter Van der Stock

GDPR, GDPR everywhere

I meant to include some of these last week, on the 25th (because duh), but pressed submit too early :-/ So here we go:

  • GDPR hall of fame: a long, long list of companies screwing up on GDPR. Worth a look and laugh: link
  • Google and Facebook sued within hours for not adhering to the GDPR: link
  • ICANN has filed a lawsuit against a German registrar that declined to collect WHOIS info out of fear of breaching the GDPR. ICANN hopes to use the suit to get clarity on the future of WHOIS: link

Data breaches, leaks and such

Data being stolen, leaked or just managed irresponsibly:

  • Two Canadian banks have had the personal information of about 90.000 people stolen, with the attackers demanding a ransom or they'll leak it online: link
  • An Apache Airflow instance belonging to Universal Music Group was found unprotected online, exposing FTP, AWS and SQL credentials: link
  • A social services hotline in LA County had an unsecured S3 bucket with 3.5 million logged phone calls, 200.000 call notes with sensitive information and 33.000 social security numbers: link
  • Honda Car India had two public S3 buckets containing private information and passwords of the 50.000 users of its Honda Connect app: link
  • Coca-Cola reported a data breach affecting 8.000 employees, caused by an ex-employee being in possession of a corporate hard drive: link

Update all the things \o/

Updates I came across:

  • Google released version 67 of Chrome. It fixes a number of security issues, introduces the WebAuthn API, deprecates HTTP public key pinning, and includes Site Isolation as part of Spectre mitigations: link
  • Apple released a set of security updates in iOS 11.4, watchOS and iTunes, although it's unclear what they fix: link
  • Huawei patched several vulnerabilities in its servers, smartphones and apps: link
  • If you are running an old Jira server, you might want to check whether this vulnerability affects you: link
  • Valve patched a remote code execution vulnerability in its Steam client a few months back, and the researcher who discovered it has now released his report: link

Arrests and court rulings

Going black hat doesn't (always) pay off:

  • Two French citizens were arrested for the Vevo YouTube hack: link
  • The hacker involved in the 500-million-account breach at Yahoo has been sentenced to five years and a fine of over $2mil: link
  • Grant West, who performed phishing attacks against a host of large companies, has been sentenced to 10 years: link
  • Not a new arrest but related: even though Cobalt's leader was arrested a while back, the group is still active: link