At a glance.
- Report: Key Ring user information compromised in data exposure.
- Twitter discloses, fixes, a bug that left cached files from DMs in the Firefox browser.
- Ransomware steals data from biotech firm.
- Update: attempted compromise of World Health Organization staffers' personal email accounts.
- Zoom works to address teleconferencing privacy issues.
Key Ring user data found exposed in unsecured AWS S3 bucket.
Researchers at vpnMentor found a misconfigured AWS S3 bucket that contained a database belonging to Key Ring, a popular app that scans users' loyalty and membership cards to a folder accessible on their smartphone. Threatpost puts the total number of items exposed at forty-four-million. Some users scanned more sensitive items, like driver's licenses, to the app, and the researchers who found the data exposure believe the compromised information could be used in identity theft.
Twitter fixes a caching bug.
Twitter has disclosed and fixed a bug affecting direct messages. ZDNet reports that private files sent by DM remained cached in the Firefox browser, where they remained for six days, even after users left or logged out of Twitter.
California biotech firm discloses ransomware attack.
10x Genomics, a California biotech firm working on COVID-19 treatments, disclosed in a Form 8K filed Wednesday with the US Securities and Exchange Commission that it had sustained a ransomware attack. The company says it has restored both access to its data and normal operations, but the attack also involved theft of some company information. The 8K doesn't go into detail about what sort of information was stolen, so it's unclear whether is was intellectual property, business files, or personally identifiable information. CyberScoop reports, citing a tweet from Under the Breach, that the ransomware may have belonged to the Sodinokibi family, which would be consistent with its information-stealing functionality.
What kind of COVID-19 work is 10x Genomics engaged in? It seems important. CyberScoop says, "The company currently is part of an international alliance that is sequencing cells from patients who have recovered from COVID-19 as part of an effort to understand possible treatments for the disease."
Update on attempted compromise of WHO staffers' personal email.
The World Health Organization has said little more about attempts to compromise staffers’ personal email accounts, but has said it believed the attempts were unsuccessful. Reuters quoted sources who suggested the campaign was run on behalf of Iran: “We’ve seen some targeting by what looks like Iranian government-backed attackers targeting international health organizations generally via phishing,” said a source identified as someone at “a large technology company that monitors internet traffic for malicious cyber activity.”
Reuters also consulted security firm Prevailion, which made no attribution but which did say they’d captured evidence of compromise suggesting the activity of what they characterize as “a sophisticated hacking group.” Computing reports the attacks, which appear to have begun in the first week of March, are continuing.
Zoom works to fix privacy issues in teleconferencing service.
The teleconferencing service is patching vulnerabilities disclosed to it as the company's services see an enormous spike in demand during the COVID-19 emergency's period of enforced social isolation and remote work. The Washington Post says that Zoom's quick response has generally been well-received, even by such normally skeptical critics as the Electronic Frontier Foundation. Errata Security offers some perspective on the bugs, advising users to take sensible security steps but also not to exaggerate the risk.