Especially worthy of notice today.
- Ransomware infections should now be treated as data breaches.
- Apple's stance on encryption softens.
- Unsecured AWS S3 buckets remain a leading cause of data exposure.
- NIST's draft privacy framework is out.
- Saudi Arabia was in Jeff Bezos's phone.
BitPyLock ransomware threatens victims with doxing.
The criminals behind the BitPyLock ransomware are threatening to release data they stole in the course of encrypting victims' files, BleepingComputer reports.
Apple backed away from fully encrypting backups?
Reuters reports in an exclusive that Apple, under pressure from the FBI, has pulled back from plans to extend end-to-end encryption to backups stored in its cloud.
Unsecured AWS S3 bucket exposes cannabis dispensaries' customer PII.
Are you a cannabis user? Neither are we, but for those who are, vpnMentor announced some disturbing news: THSuite, a point-of-sale system widely used in the cannabis industry, has exposed the personal information of some thirty thousand cannabis dispensary customers in an unsecured AWS S3 bucket. The exposure was discovered on December 24th, the database owners were notified on December 26th, and the database was secured on January 14th. vpnMentor, which discovered the exposure and notified the data owners, says that the affected dispensaries include AmediCanna Dispensary, Bloom Medicinals, and Colorado Grow Company. The researchers recommend that the dispensaries contact THSuite about the security of their data. The US cannabis industry, which is closely regulated but also exists in a grey area between Federal and state law, necessarily collects and maintains extensive records on its customers.
NIST has published a draft of its privacy framework.
Version 1.0 is out. Consistent with the approach taken by the US National Institute of Standards and Technology in cybersecurity, the draft sees enhanced enterprise risk management as the best way of improving privacy.
Billionaires get spyware, too.
The UN concluded that the Kingdom of Saudi Arabia was responsible for installing spyware in Amazon founder and Washington Post owner Jeff Bezos's phone. The Guardian reports that Mr. Bezos's phone was compromised after contact with Saudi Crown Prince Mohammed bin Salman. The hacking took place some five months before the killing of Jamal Khashoggi on October 2nd, 2018. Mr. Khashoggi had been a critic of the Saudi government and a columnist for the Post.
Mr. Bezos contracted with Washington-based FTI Consulting for a forensic audit of his phone. FTI concluded, with what the Wall Street Journal calls “medium to high confidence,” that data began leaving the device shortly after it received a video file from the WhatsApp account linked to the Crown Prince, and that such data exfiltration continued for months. FTI Consulting would not comment on the story to the Journal, which cites “a person familiar with the matter” as its source.
The FTI Consulting report is apparently a principal source of the conclusion reached by two UN special rapporteurs. The Wall Street Journal reports that the UN's special rapporteurs on extrajudicial killings and freedom of expression this morning recommended further investigation. “Mr. Bezos was subjected to intrusive surveillance via hacking of his phone as a result of actions attributable to the WhatsApp account used by Crown Prince Mohammed bin Salman,” they said. The rapporteurs think it likely, on circumstantial grounds, that the spyware in the incident may have been NSO Group’s intercept tool Pegasus.