Security News Bites for the Week Ending June 2, 2023

Dutch Data Protection Authorities Looking Into Alleged Tesla Data Breach

Germany’s Handelsblatt reported on Thursday that Tesla (TSLA.O) had allegedly failed to adequately protect data belonging to customers, employees and business partners, citing 100 gigabytes of confidential data leaked by a whistleblower. The Dutch DPA is looking into the situation. Among the data is Elon’s Social plus private info including salaries and bank info of 100,000 current and former employees. A lawyer for Tesla said a disgruntled ex service technician leaked the data and the company plans to take legal action. Why would a service technician have access to this data? There is more to this story, I suspect. Credit: Reuters

Suffolk County Uses Ransomware Attack To Bypass Legislature

Suffolk County was hit by a ransomware attack last year which was caused by massive mismanagement and blamed on the IT guy. Now the Suffolk County executive (the head of the county government in New York) has issued nine emergency declarations to cover up his years-long mismanagement of the County’s IT. The emergency declaration allows him to spend an unlimited amount of money without the county legislature’s approval. Finally, it appears, some of the legislators have begun to figure out what he was doing (did it really take them eight months to figure this out?) and submitted a resolution to end the emergency, which they have the authority to do. In the meantime, County Executive Steve Bellone has spent millions of dollars without any approval, oversight, bids or justification. Don’t be surprised if “friends of Steve” got a lot of the money. Credit: WSHU

Spyware Maker NSO Gets New Owner

NSO’s creditors foreclosed on it and Luxembourg-based Dufresne Holdings, controlled by NSO co-founder Omri Lavie, bought it. Since the company is still on the U.S.’s sanctioned entities list, things won’t get better for them soon, especially if they continue in their old ways. There is no evidence that they will change as long as there are countries willing to pay. Credit: The Register

SHOCKER: You Don’t Get What You Don’t Pay For

This is about Google, but it applies to all providers. In Google’s case, if you sign up for a free Google Workspace account, their cloud competitor to Microsoft Office, you don’t get enterprise features like logging and alerting, so you have no idea if insiders or outsiders are stealing your stuff. I hope it is plain to most people that free services are geared to consumers who don’t really care much if their stuff gets compromised. If you care about or have a legal/regulatory/contract requirement to protect data in your care, stay away from the free stuff. Sorry. Credit: Dark Reading

Russia Wants to Replace iPhones with Home-Grown Aurora OS

Russia’s telecom Rostelecom wants to replace 2 million iOS phones with super secure Russian phones running a version of Linux. Personally, I suspect that a Russian home-grown version of Android will not stand up to US and other friendly hackers, so go for it, Mr. Putin. Credit: The Record
