This afternoon, it was confirmed that GEDmatch, the DNA analysis site best known for catching the Golden State Killer, has experienced a data breach that caused user profiles to become available to law enforcement searches. Typically, the site allows users to opt in for their DNA to be included in police searches, but this breach changed these settings on user accounts without their permission.
ISBuzz Team
Twilio, a cloud communications platform as a service (CPaaS) company, disclosed that attackers compromised its TaskRouter JS SDK after gaining access to one of its misconfigured Amazon AWS S3 buckets. This left the SDK’s path publicly readable and writable since 2015. Twilio’s customers include Twitter, Netflix, Uber, Shopify, Morgan Stanley, Airbnb, and others.
As reported by the BBC, University of York leaders have launched an investigation after personal details of its staff and students were accessed during a cyber attack. Cybersecurity experts respond to this breach below.
9 out of 10 Security Professionals Cite Phishing and Ransomware as Top Risks, Yet Only Half Report Sufficient Visibility into Such Threats. SAN JOSE, Calif. – July 21, 2020 – Balbix Inc., provider of the industry’s first system for cybersecurity posture transformation, today released its 2020 Cybersecurity 360 Report. The report assesses the state of the enterprise cybersecurity posture in the wake of COVID-19 when the majority of organizations have rapidly adjusted to remote work policies and escalating threats. The findings identify the perennial challenges and primary risk drivers that security professionals are currently facing. The report found that 89% of security professionals…
Researchers with WizCase have discovered an unsecured Elasticsearch server leaking 25GB of data linked to users of the popular Family Tree Maker software. Among the details leaked to the public-facing internet were email addresses, geolocation data, IP addresses, system user IDs, support messages, and technical details.
Why APIs are Critical to Agile Development, The Security Gaps and Vulnerabilities That They Can Offer Bad Actors, and What Should Be Done. APIs can introduce security problems that make it much easier for bad actors to attack enterprises by exploiting common mistakes routinely made during app development. That’s why APIs – which simplify data sharing, system connectivity, delivery of new features, etc. – are increasingly a preferred conduit for cyber-attacks. Matt Keil, Director of Product Marketing with Cequence Security, looks at API security and the launch of API Sentinel. By Matt Keil. APIs are used more heavily than ever before – mobile…
Over the weekend, the REvil (Sodinokibi) ransomware group targeted Telecom Argentina, one of the country’s largest internet service providers. The group is now demanding $7.5 million in ransom, and that sum will supposedly double after three days. The incident did not cause any damage to the ISP’s customers, but the company’s official websites have been down since Saturday and 18,000 computers have been infected after the hackers gained control of an internal domain admin.
BBC News reported that privacy campaigners say England’s coronavirus test and trace program has broken a key data protection law. The program was launched without carrying out an assessment of its impact on privacy, as conceded by the Department of Health. It involves people being asked to share sensitive personal information. This can include: their name, date of birth and postcode; who they live with; places they recently visited; and names and contact details of people they have recently been in close contact with, including sexual partners.
Today, the ISC has released its Russia Report, which found that the UK is a target for Russian disinformation and that Russia carries out malicious cyber activity in order to assert itself aggressively – for example, attempting to interfere in other countries’ elections and targeting other countries’ Critical National Infrastructure. The ISC expresses concern that there is no clear coordination of the numerous organisations across the UK intelligence community working on this issue.
The UK government isn’t the only organisation encountering issues between data security and app development. The pandemic is also putting pressure on businesses to develop and release apps at an increasingly rapid pace in order to meet demands for continuity. As a recent global report shows, business app sessions have increased by 105% in Q1 2020 compared to the same time last year. This surge, combined with the acceleration of digital transformation initiatives, means security’s priority status is under threat; right now, development teams’ focus is on releasing the next new set of features. So, with DevOps now front and centre…
