Cybercriminals leak medical data of Humana customers online
Techradar, Anthony Spadafora
“Additionally, the database may also contain API calls to various functions that include private API keys that cybercriminals could utilize to access other online services used by Humana or even its partners.” Read More
Patch now: Linux file system security hole, dubbed Sequoia, can take over systems
ZDNet, Steven J. Vaughan-Nichols
“‘If an unprivileged local attacker creates, mounts, and deletes a deep directory structure whose total path length exceeds 1GB…then’ through a series of other maneuvers you can write to out of bounds memory. And, with that, you can corrupt data, crash the system, or, worst of all, execute unauthorized code.” Read More
Study finds 97% of cloud apps used in the enterprise are shadow IT
SC Magazine, Steve Zurier
“[Enterprises] should favor a security architecture that provides context for apps, cloud services, and web-user activity, and that applies zero-trust controls to protect data wherever and however it’s accessed.” Read More
Amazon kicks NSO Group off its cloud service after spying reports
Cnet, Laura Hautala
“If you don’t do anything to stop the sale of this technology, it’s not just going to be 50,000 targets. It’s going to be 50 million targets, and it’s going to happen much more quickly than any of us expect.” Read More
Revealed: leak uncovers global abuse of cyber-surveillance weapon
The Guardian, Stephanie Kirchgaessner, et al.
“the broad array of [phone] numbers in the list belonging to people who seemingly have no connection to criminality suggests some NSO clients are breaching their contracts with the company, spying on pro-democracy activists and journalists investigating corruption, as well as political opponents and government critics.” Read More