Security News

Collaboration security startup Polymer announced its official launch on Wednesday with a solution that automatically detects and redacts sensitive data shared by users in popular collaboration tools. When users share this type of information via one of the supported collaboration tools, Polymer automatically redacts sensitive information and ensures that the unredacted information can only be accessed by users that have been authorized in the Polymer administrative dashboard.

A server containing information of users of a genealogy service has exposed the data of 60,000 users, putting them at risk for fraud, phishing and other cybercriminal activity. The leak exposed a MacKiev server with 25 gigabytes of Ancestry user data and MacKiev Software user subscriptions, including information such as email addresses, user location, user support messages and technical data.

Cloud software provider Blackbaud has admitted that it paid cybercriminals to regain control of data following a ransomware attack in May 2020. Last week, the company published a notice on a ransomware attack that it fell victim to in May 2020, claiming that it was able to discover and stop the assault, but not before some data was exfiltrated by the attackers.

Australian beverage company Lion says it has found no evidence that hackers have stolen information from its systems, but the hackers claim they have and are threatening to leak it unless the company pays up. While Lion has not shared any technical information about the attack or the ransomware, the operators of the ransomware known as Sodinokibi and REvil claim to have breached the company's systems.

Twitter has permanently banned the account of Distributed Denial of Secrets after it posted links to stolen information belonging to hundreds of law enforcement organizations in the United States. Distributed Denial of Secrets, a WikiLeaks-style organization whose goal is the "Free transmission of data in the public interest," recently leaked roughly 270 GB of information on more than 200 police departments, fusion centers, the FBI and other law enforcement organizations.

Known as BlueLeaks, the info trove consists mostly of crime intelligence material uploaded to what are known as fusion centers. Created in the aftermath of the September 11 terror attacks, serve as a way for state and county cops to share information with one another and with the FBI and US Homeland security.

A former analyst for the U.S. Defense Intelligence Agency has been sentenced to more than two years in prison after sharing highly classified, national defense intelligence with two reporters. According to the Department of Justice on Thursday, Frese held a "Top Secret/Sensitive Compartmented Information" security clearance at the DIA. He leveraged these privileges to search for the classified data - stored in secure, classified government information systems - at least 30 times in 2018.

If, for example, your program is reading through an array of data to perform a complex calculation based on all the values in it, the processor needs to make sure that you don't read past the end of your memory buffer, because that could allow someone else's private data to leak into your computation. The theory is that if the checks fail, the chip can just discard the internal data that it now knows is tainted by insecurity, so there's a possible performance boost without a security risk given that the security checks will ultimately prevent secret data being disclosed anyway.

Researchers have disclosed the details of a new speculative execution attack affecting many Intel processors, and they say this is the first vulnerability of this kind that allows hackers to obtain sensitive information across the cores of a CPU. The vulnerability was discovered by a team of researchers from Vrije Universiteit Amsterdam in the Netherlands and ETH Zurich in Switzerland. They initially reported their findings to Intel in September 2018 and nearly one year later they informed the tech giant about the possibility of cross-core leaks.

The cybercriminals behind the recent attack on Elexon, which manages the electricity market in the United Kingdom, have started leaking data allegedly stolen from the company. Elexon revealed in mid-May that its IT systems were targeted in a cyberattack, but it did not provide any additional details.