Brown-Forman, one of the largest U.S. companies in the spirits and wine business, suffered a cyber attack. The intruders allegedly copied 1TB of confidential data; they plan on selling to the highest bidder the most important info and leak the rest. Headquartered in Louisville, Kentucky, the company holds world-known whiskey and scotch brands like Jack Daniel’s, Woodford, Old Forester, Collingwood, Glenglassaugh, and Glendronach; Herradura, El Jimador, and Pepe Lopez tequila; Finlandia vodka, and Sonoma-Cutrer wines. Sodinokibi (REvil) ransomware operators announced on Friday that they had compromised Brown-Forman’s computer network and spent more than a month examining user services, cloud data storage, and general structure.
An update to the Mac version of Microsoft Outlook will let users store a hugely detailed amount of personal information about their contacts, including their blood group and star sign. The changes are part of an upcoming update for Office for Mac, which is currently available for testing by “Insiders” – Microsoft’s term for customers who test upcoming versions of its software. There’s no suggestion that Microsoft will collect this information on users’ behalf, but it raises questions about the storage of highly personal data within the software. Outlook Contacts are not encrypted by default, instead relying on users to apply computer-wide encryption solutions such as Microsoft’s own BitLocker technology or the FileVault encryption that is built into macOS. The addition of blood group data, in particular, suggests Microsoft is encouraging users to store personal medical data in Outlook. That raises the risk of data theft if laptops are lost or computers are hacked.
TikTok and its U.S. employees are planning to take President Donald Trump’s administration to court over his sweeping order to ban the popular video app, according to a lawyer preparing one of the lawsuits. The employees’ legal challenge to Trump’s executive order will be separate from a pending lawsuit from the company that owns the app, though both will argue that the order is unconstitutional, said Mike Godwin, an internet policy lawyer representing the employees. Trump last week ordered sweeping but vague bans on dealings with the Chinese owners of TikTok and messaging app WeChat, saying they are a threat to U.S. national security, foreign policy and the economy. The TikTok order would take effect in September, but it remains unclear what it will mean for the apps’ 100 million U.S. users, many of them teenagers or young adults who use it to post and watch short-form videos.
Ramped-up U.S. restrictions on Huawei are likely to cut off the Chinese smartphone maker’s access to even off-the-shelf chips and disrupt the global tech supply chain once again, executives and experts cautioned. The Trump administration on Monday expanded its curbs on Huawei and banned suppliers from selling chips made using U.S. technology to the firm without a special license – closing potential loopholes in its May sanctions that could have let Huawei access the tech via third parties. The restrictions underscore the rift in Sino-U.S. relations, at their worst in decades, as Washington presses governments around to world to squeeze Huawei out, alleging the company would hand over data to the Chinese government for spying. Huawei denies it spies for China.
North Korea has at least 6,000 hackers and electronic warfare specialists working in its ranks, and many of these are operating abroad in countries such as Belarus, China, India, Malaysia, and Russia, the US Army said in a report published last month. Named “North Korean Tactics,” the report a tactical manual that the US Army uses to train troops and military leaders, and which the Army has made public for the first time last month. The 332-page report contains a treasure trove of information about the Korean People’s Army (KPA), such as military tactics, weapons arsenal, leadership structure, troop types, logistics, and electronic warfare capabilities.
Google is working on improving the security of Chrome users by alerting them when filling out forms on secure pages that are delivered insecurely. Set to be introduced in Chrome 86, the feature targets the so-called mixed forms (they are found on HTTPS pages that submit over HTTP), which are considered a risk to users’ security and privacy. Because the data transmission is not performed over a secure connection, the information introduced by the user in those forms is visible to eavesdroppers, meaning that malicious actors can read or change the form data. Chrome versions prior to 86 mark mixed forms by removing the lock icon from the address bar. “We saw that users found this experience unclear and it did not effectively communicate the risks associated with submitting data in insecure forms,” Shweta Panditrao, Chrome Security Team, explains.