The Guardian: Trump immigration database exposes crime victims’ personal info, lawyers say. “A new US immigration database has exposed the personal information of crime victims, putting them at risk of further violence and violating federal laws designed to conceal the identities of abuse survivors, according to a coalition of attorneys.”
Dark Reading: 82% of Databases Left Unencrypted in Public Cloud. “The average lifespan of a cloud resource is 127 minutes. Traditional security strategies can’t keep up with this rate of change, and 82% of databases in the public cloud are left unencrypted. These findings come from the RedLock Cloud Security Intelligence (CSI) team’s ‘Cloud Infrastructure Security Trends’ report.”
Techdirt: Boston Globe Blocks Readers Using Privacy Modes In Browsers. “…people generally like to use privacy and incognito modes in their browsers for the very reasons the browsers developed them: security and privacy. Two things that perhaps the folks at the Boston Globe don’t consider terribly important as they have elected to simply block all readership from browsers running in privacy modes unless the reader signs up for a subscription.”
eWeek: Check Point Discovers Media Subtitle Vulnerability Impacting Millions. “Security firm Check Point Software Technologies publicly disclosed a new threat vector today in media player subtitles, that could have potentially exposed millions of users to security risks. Simply by running a media file that downloads embedded malicious subtitles, Check Point alleges that end-user systems could have been taken over by attackers.”
Ars Technica: “Yahoobleed” flaw leaked private e-mail attachments and credentials. “For years, Yahoo Mail has exposed a wealth of private user data because it failed to update widely used image-processing software that contained critical vulnerabilities. That’s according to a security researcher who warned that other popular services are also likely to be leaking sensitive subscriber secrets.”
The Verge: New Browser Act would restore restrictions on sharing browsing history. “In April, the Senate voted to roll back the FCC’s internet privacy rules, clearing the way for internet service providers to share browsing histories with third-party advertisers — and provoking a significant backlash along the way. Now, one of the leading forces for the April push has introduced a new bill that could restore some of those restrictions, while adding new ones for web services like Facebook and Google.” Interesting comments – at least at this writing, they have stayed “interesting” without slipping into “good heavens”.
Neowin: CIA-created spyware called Athena released by WikiLeaks, targets all major Windows versions. “Codenamed ‘Athena’, the spyware was apparently created by the CIA in conjunction with Siege Technologies, a New Hampshire cyber tech firm. Athena allows an attacker to take total control of a computer, send and retrieve data to and from remote locations, such as CIA servers, delete data and also upload other malicious code onto the computer, thereby introducing even more infections. It also works for any version of Windows from Windows XP to Windows 10, marking it as particularly potent in both its capabilities and its reach.”