Security News

Twitter has permanently banned the account of Distributed Denial of Secrets after it posted links to stolen information belonging to hundreds of law enforcement organizations in the United States. Distributed Denial of Secrets, a WikiLeaks-style organization whose goal is the "Free transmission of data in the public interest," recently leaked roughly 270 GB of information on more than 200 police departments, fusion centers, the FBI and other law enforcement organizations.

Known as BlueLeaks, the info trove consists mostly of crime intelligence material uploaded to what are known as fusion centers. Created in the aftermath of the September 11 terror attacks, serve as a way for state and county cops to share information with one another and with the FBI and US Homeland security.

A former analyst for the U.S. Defense Intelligence Agency has been sentenced to more than two years in prison after sharing highly classified, national defense intelligence with two reporters. According to the Department of Justice on Thursday, Frese held a "Top Secret/Sensitive Compartmented Information" security clearance at the DIA. He leveraged these privileges to search for the classified data - stored in secure, classified government information systems - at least 30 times in 2018.

If, for example, your program is reading through an array of data to perform a complex calculation based on all the values in it, the processor needs to make sure that you don't read past the end of your memory buffer, because that could allow someone else's private data to leak into your computation. The theory is that if the checks fail, the chip can just discard the internal data that it now knows is tainted by insecurity, so there's a possible performance boost without a security risk given that the security checks will ultimately prevent secret data being disclosed anyway.

Researchers have disclosed the details of a new speculative execution attack affecting many Intel processors, and they say this is the first vulnerability of this kind that allows hackers to obtain sensitive information across the cores of a CPU. The vulnerability was discovered by a team of researchers from Vrije Universiteit Amsterdam in the Netherlands and ETH Zurich in Switzerland. They initially reported their findings to Intel in September 2018 and nearly one year later they informed the tech giant about the possibility of cross-core leaks.

The cybercriminals behind the recent attack on Elexon, which manages the electricity market in the United Kingdom, have started leaking data allegedly stolen from the company. Elexon revealed in mid-May that its IT systems were targeted in a cyberattack, but it did not provide any additional details.

Japan is investigating a possible leak of data including details of a prototype missile in a massive cyberattack earlier this year on Mitsubishi Electric Corp., officials said Wednesday. The suspected leak involves sensitive information about a prototype of a cutting-edge high speed gliding missile intended for deployment for the defense of Japan's remote islands amid China's military assertiveness in the region.

Last week we had the story of miscreants stealing a massive trove of data from the computers of an American law firm representing a galaxy of showbiz stars. Red teams rejoice! Microsoft has released an offensive security tool called Stormspotter that identifies potential weaknesses in an organization's Azure deployments - which a miscreant could exploit to gain access to data or drill further into a network.

Last week we had the story of miscreants stealing a massive trove of data from the computers of an American law firm representing a galaxy of showbiz stars. Red teams rejoice! Microsoft has released an offensive security tool called Stormspotter that identifies potential weaknesses in an organization's Azure deployments - which a miscreant could exploit to gain access to data or drill further into a network.

Comparitech security researchers have discovered that thousands of Android applications distributed through Google Play leak sensitive information due to Firebase misconfigurations. Overall, 4.8% of all mobile apps using Firebase are believed to be leaking personal information, access tokens, and other types of data.