Security News

Amazon has recently terminated employees responsible for leaking customer data, including their email addresses, to an unaffiliated third-party in violation of company policies. "Did anyone else get a weird email from Amazon about this data breach or was I just targeted solo?" tweeted entrepreneur Zain Jaffer.

ThunderX has changed its name to Ranzy Locker and launched a data leak site where they shame victims who do not pay the ransom. The ransomware operators quickly fixed their bugs and released a new version of the ransomware under Ranzy Locker name.

Security consultant Bob Diachenko ran across a misconfigured Elasticsearch cloud cluster that exposed a segment of Razer's infrastructure to the public internet, for anyone to see. "As more organizations adopt cloud-based tools to obtain a competitive advantage, the rate of cloud application usage increases in tandem. However, most organizations are not equipped to handle the security demands of the cloud. In fact, 86 percent of companies deploy cloud applications, yet just 34 percent have single sign-on solutions in place, demonstrating a massive gap in cloud adoption and necessary cloud-security solutions."

Intel is investigating reports that a claimed hacker has leaked 20GB of data coming from the chip giant, which appear to be related to source code and developer documents and tools. "The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access," an Intel spokesperson told SecurityWeek.

The Vermont Department of Taxes may have been exposing taxpayer data that could be used in credential scams for more than three years due to a vulnerability in its online tax filing system. A notice posted on the department's website warned taxpayers who filed a Property Transfer Tax return through the department's online filing site between Feb. 1, 2017, and July 2, 2020, may have had their personal information leaked.

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties.

Collaboration security startup Polymer announced its official launch on Wednesday with a solution that automatically detects and redacts sensitive data shared by users in popular collaboration tools. When users share this type of information via one of the supported collaboration tools, Polymer automatically redacts sensitive information and ensures that the unredacted information can only be accessed by users that have been authorized in the Polymer administrative dashboard.

Cloud software provider Blackbaud has admitted that it paid cybercriminals to regain control of data following a ransomware attack in May 2020. Last week, the company published a notice on a ransomware attack that it fell victim to in May 2020, claiming that it was able to discover and stop the assault, but not before some data was exfiltrated by the attackers.

A former analyst for the U.S. Defense Intelligence Agency has been sentenced to more than two years in prison after sharing highly classified, national defense intelligence with two reporters. According to the Department of Justice on Thursday, Frese held a "Top Secret/Sensitive Compartmented Information" security clearance at the DIA. He leveraged these privileges to search for the classified data - stored in secure, classified government information systems - at least 30 times in 2018.

Researchers have disclosed the details of a new speculative execution attack affecting many Intel processors, and they say this is the first vulnerability of this kind that allows hackers to obtain sensitive information across the cores of a CPU. The vulnerability was discovered by a team of researchers from Vrije Universiteit Amsterdam in the Netherlands and ETH Zurich in Switzerland. They initially reported their findings to Intel in September 2018 and nearly one year later they informed the tech giant about the possibility of cross-core leaks.