720-891-1663

Alerts, Breach, Hacks, Legal, Privacy, Safety

Security News Update for Week Ending June 21, 2024

Leave a comment

Are You Prepared for Fifth Party Risk?

Boeing and Airbus are in trouble, again. Except it is not them. Boeing and Airbus sell to airlines. Lets pick one at random – Delta. That is the first party. They buy their planes from, lets say, Airbus, a THIRD party. Both Boeing and Airbus use a FOURTH party, Spirit Aerosystems, to build the cabins for them. Spirit, not surprisingly, buys titanium from a FIFTH party, who was not named, but was selling titanium with fake documentation. Ultimately, the airline is the one who gets in trouble for a supply chain issue, many levels removed from their control. Credit: CNN

Another Day, Another Snowflake Victim Announced

Pure Storage, maker of network storage hardware, announced that it, too, was a victim of the Snowflake attack. They say this is not too bad because all the attacker got was telemetry data used for customer support. It included names, emails and software versions, but not passwords or customer data. Credit: CSO Online

Security Bug Allows ANYONE to Spoof Microsoft Employee Emails

In light of the ProPublica expose that revealed that Microsoft tried really hard to close bug reports without fixing them, this is not a surprise.  A researcher found a bug that would allow anyone to impersonate Microsoft corporate email accounts to the 400 million Outlook users in the world.  Microsoft closed the bug report he submitted as not reproducible.  When the researcher posted the bug on Twitter Microsoft changed its tune and reopened the bug report but it has not been fixed yet.  Credit: Tech Crunch

Hackers LEAK Kansas City Police Department Data

The BlackSuit ransomware cartel posted KC police data on their dark web site. The data includes case reports, fingerprint databases, employee data and other sensitive information. The attackers said the police would not pay the ransom and “voluntarily agreeing to have their case files made public”. I am not sure what voluntary means in this case. Maybe since you voluntarily decided not the pay the ransom, we voluntarily decided to publish your information? Credit: Cybernews

TikTok Sues US Government

We knew this was coming so in one sense, it is not much news. On the other hand, anything that affects 170 million people (the number of U.S. TikTok users) in an election year is news. TikTok and its Parent ByteDance say that the U.S. refused to negotiate with them since 2022 and they have spent $2 billion to placate critics (who knows if that is true), They also say that it is impossible to complete a sale, even if they wanted to, by the January 2025 deadline. They are asking the court to neuter the law. Credit: Yahoo Tech

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2024 CyberCecurity, All rights reserved. Privacy Policy