JUNE WEEK 4

BlueLeaks: Data from 200 police departments and FBI groups in the US has been hacked and released online. A total of 296GB of data has been collected, and all evidence suggests it’s the real deal. Distributed Denial of Secrets (DDoSecrets) is the group responsible for publishing the data. DDoSecrets, who do not wish to be referred to as a hacking group, describe themselves as “a transparency collective, aimed at enabling the free transmission of data in the public interest.”

The information released includes masses of personal data and confidential police tactics.

DDoSecrets have confirmed that the leaked data was provided by Anonymous, who last week disabled the Atlanta Police Department’s site over the shooting of unarmed Rayshard Brooks on June 12th, 2020.



Google Analytics API used to steal financial credentials. Google’s Content Security Policy is there to protect the application, but ironically CSP has a vulnerability allowing thieves to siphon funds using a separate Google Analytics Tag ID.

A reminder that application vulnerabilities are an ever-present threat in the security world.
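CSP matches on host, not on the analytics account, so an allow-listed Google Analytics host accepts beacons for any Tag ID. The following added example (not from the original post) flags CSP directives that permit Google Analytics and outbound beacons whose `tid` is not on the site's own list; the header, URLs and tag IDs are constructed, and it assumes full request URLs are available from proxy logs.

```python
from urllib.parse import urlsplit, parse_qs

GA_DOMAIN = "google-analytics.com"

def _is_ga_host(host):
    host = host.lower()
    return host == GA_DOMAIN or host.endswith("." + GA_DOMAIN)

def directives_allowing_ga(csp_header):
    """List CSP directives whose source list lets the page talk to Google Analytics."""
    hits = []
    for directive in csp_header.split(";"):
        name, *sources = directive.split() or [""]
        for src in sources:
            # Reduce a source expression to its host: drop scheme, path and port.
            host = src.split("://")[-1].split("/")[0].split(":")[0]
            if src in ("*", "https:") or _is_ga_host(host):
                hits.append(name.lower())
                break
    return hits

def foreign_tag_ids(request_urls, own_tag_ids):
    """Return (tid, url) for GA beacons reporting to a Tag ID the site does not own."""
    findings = []
    for url in request_urls:
        parts = urlsplit(url)
        if not _is_ga_host(parts.hostname or ""):
            continue
        for tid in parse_qs(parts.query).get("tid", []):
            if tid not in own_tag_ids:
                findings.append((tid, url))
    return findings

# Constructed sample data (assumptions, not taken from the post).
SAMPLE_CSP = ("default-src 'self'; script-src 'self' https://www.google-analytics.com; "
              "img-src 'self' https://www.google-analytics.com; connect-src 'self'")
OWN_TAG_IDS = {"UA-11111111-1"}
SAMPLE_REQUESTS = [
    "https://www.google-analytics.com/collect?v=1&tid=UA-11111111-1&t=pageview&dp=%2Fcheckout",
    "https://www.google-analytics.com/collect?v=1&tid=UA-99999999-9&t=event&ea=Zm9v",
    "https://cdn.example.test/app.js",
]

if __name__ == "__main__":
    print("CSP directives permitting GA:", directives_allowing_ga(SAMPLE_CSP))
    for tid, url in foreign_tag_ids(SAMPLE_REQUESTS, OWN_TAG_IDS):
        print("beacon to unknown Tag ID", tid, "->", url)
```

Beacons sent in a POST body carry the `tid` outside the URL, so this check only covers requests whose query string is logged.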



Twitter has confirmed a significant breach that has compromised the personal details of its business clients. The offense was discovered on May 20th and involved the exposure of email addresses, telephone numbers, and credit card digits: more than enough information to run targeted scams. The confidential information was stored in the browser’s cache, making it viewable to other users of a shared device.  

Twitter is not new to breaches; in June 2016, 33 million account details were hacked and posted online, and there have been several significant incidents since.

Twitter apologises for business data breach - Click here



Ethnic Minority Report?

Just when you think the journey of facial recognition technology can’t get any stranger.  

There is concern about a study to be published in Berlin, Germany, by researchers in Pennsylvania that claims to have created algorithms to identify individuals who are more likely to commit a crime, based on their facial features. Yes, that’s right!

The justified concern is that evidence shows that it will be black citizens who are most likely to bear the brunt if used. MIT, Microsoft, Google, and Harvard have denounced the study as there are fears that this may be a tool that law enforcement may at some point implement. Given that tensions are heightened enough, and coupled with the many flaws in this facial recognition theory, there is a strong argument that publishing such material will prove very harmful. 

The attempted prediction of behaviour based on race using “technology” is nothing new.

“Scientific” illustration from 19th century Phrenology studies


Group compensation claim following EasyJet data breach. Being able to work effectively within a team is a good trait. However, EasyJet may disagree. With 10,000 customers in over 50 countries coming together, firms would be well advised to consider group compensation claims as a new operational risk following cyber breaches.

EasyJet faces group legal claim over cyber attack data breach - Click here

The struggling airline has announced that it will cut 30% of its workforce – 15,000 staff.


PlayStation is the latest to offer a bounty for users to find vulnerabilities on their platform. With rewards of over $50,000 for severe bug finds, it’s a great way to get your customers working for you.

“We believe that through working with the security research community, we can deliver a safer place to play. We have partnered with HackerOne to help run this program, and we are inviting the security research community, gamers, and anyone else to test the security of PlayStation 4 and PlayStation Network. Our bug bounty program has rewards for various issues, including critical issues on PS4. Critical vulnerabilities for PS4 have bounties starting at $50,000.”

Geoff Norton, Senior Director, Software Engineer – PlayStation 


 

Thoughts? Comments? Want more intel? Don’t be shy – reach out: ob@bestmansolutions.com
