Security News
US prosecutors claim six people bribed corrupt Amazon insiders to rig the web giant's Marketplace in their favor and leak terabytes of data including some search algorithms. In an indictment [PDF] filed late last week, the Dept of Justice asserted that the six defendants paid over US$100,000 to "complicit Amazon employees and contractors." The DoJ claims at least ten Amazonians took the crooked coin and "baselessly and fraudulently conferred tens of millions of dollars of competitive benefits on hundreds of 3P seller accounts that the defendants purported to represent".
In a new report into the global cybersecurity industry's exposure on the Dark Web this year, global application security company ImmuniWeb uncovered that 97% of leading cybersecurity companies have data leaks or other security incidents exposed on the Dark Web, while on average, there are over 4,000 stolen credentials and other sensitive data exposed per cybersecurity company. Key findings of the research relating to the leading global cybersecurity companies' exposure on the Dark Web included: 97% of companies have data leaks and other security incidents exposed on the Dark Web.
Ursem, self-appointed "lamest hacker you know," found the leaked info in a simple search to see if someone "is actually stupid enough to upload medical customer data to GitHub," he told DataBreach.net. The report describes one errant developer referred to as the "Typhoid Mary of Data Leaks" because of the multiple errors and repetition of these errors in his use of GitHub in relation to not just storage and management of medical data, but other files as well.
British infosec accreditation body CREST has suspended all of its accreditation exams after The Register revealed a published cache of files including what appeared to be internal exam sheets as well as docs apparently tied to key industry player NCC Group. We understand from sources that the security body has suspended all of its CREST Certified Infrastructure Tester and CREST Certified Web Application Tester exams for up to a month while their contents are reviewed.
UPDATE. The Maze ransomware gang has reportedly leaked Canon U.S.A. data online. The leaked data consists of a single file, according to the report: about 2.2 GB-worth of marketing data and videos, compiled into an archive called "STRATEGICPLANNINGpart62.zip." The Maze gang claims it represents 5 percent of all of the data stolen from the camera giant.
British infosec biz NCC Group has admitted to The Register that its internal training materials were leaked on GitHub - after folders purporting to help people pass the CREST pentest certification exams appeared in a couple of repositories. CREST offers a certification called CRT: CREST Registered Tester.
BluBracket introduced significant new functionality to its Code Security Suite, allowing companies for the first time to find stolen and copied source code in public repositories. Code proliferation represents a significant threat to companies today, not just in the loss of intellectual property, but also in the risks code poses to general enterprise security.
Source code belonging to tens of companies, including several major organizations, has been leaked online after it was found on unprotected DevOps infrastructure. Kottmann told SecurityWeek that the source code they've made public, much of which appears to be proprietary, mostly comes from improperly configured or exposed DevOps infrastructure.
VPNs are all the rage these days, because they're supposed to boost your privacy and stop you being tracked. Many VPNs tell you that "they don't keep any logs at all", and therefore that they would have nothing on you that they could hand over to law enforcement even if they wanted to.