AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 10/28/2022

Thomson Reuters collected and leaked at least 3TB of sensitive data

Thomson Reuters, a multinational media conglomerate, left an open database with sensitive customer and corporate data, including third-party server passwords in plaintext format. Attackers could use the details for a supply-chain attack. The Cybernews research team found that Thomson Reuters left at least three of its databases accessible for anyone to look at. One of the open instances, the 3TB public-facing ElasticSearch database, contains a trove of sensitive, up-to-date information from across the company’s platforms. The company recognized the issue and fixed it immediately. Thomson Reuters provides customers with products such as the business-to-business media tool Reuters Connect, legal research service and database Westlaw, the tax automation system ONESOURCE, online research suite of editorial and source materials Checkpoint, and other tools.

Twilio Reveals Further Security Breach

Communication tool provider Twilio has revealed that the same malicious actors responsible for a July breach at the firm also managed to compromise an employee a month prior, exposing customer information. The revelation was buried in a lengthy incident report updated and concluded yesterday. The report focuses mainly on the July–August incident in which attackers sent hundreds of “smishing” text messages to the mobile phones of current and former Twilio employees. Posing as Twilio or other IT administrators, they tricked some recipients into clicking on password reset links leading to fake Okta login pages for Twilio. Once harvested, these credentials were used to access internal Twilio administrative tools and apps and, in turn, customer information.

Google execs knew ‘Incognito mode’ failed to protect privacy, suit claims

A federal judge in California is considering motions to dismiss a lawsuit against Google that alleges the company misled users into believing their privacy was being protected while using Incognito mode in the Chrome browser. The lawsuit, filed in the Northern District Court of California by five users more than two years ago, is now awaiting a recent motion by those plaintiffs for two class-action certifications. The first would cover all Chrome users with a Google account who accessed a non-Google website containing Google tracking or advertising code and who were in “Incognito mode”; the second covers all Safari, Edge, and Internet Explorer users with a Google account who accessed a non-Google website containing Google tracking or advertising code while in “private browsing mode.”

New York Post hacked? No, the culprit is an employee

The New York Post confirmed that it was hacked; its website and Twitter account were used by the attackers to publish offensive messages targeting US politicians and a call for the assassination of US President Joe Biden. Another message on the tabloid’s account also called for the assassination of New York lawmaker Alexandria Ocasio-Cortez. Other politicians targeted with offensive headlines and tweets are NYC Mayor Eric Adams, D-NY Rep, NY Governor Kathy Hochul, Texas Governor Greg Abbott, and R-IL Rep. Adam Kinzinger. The company deleted the disturbing tweets and launched an investigation into the security breach. The company discovered that the culprit was an employee, who has been fired.

Cloud and Hybrid Working Security Concerns Surge

Concerns among global technology leaders about the security of cloud, datacenter and hybrid working environments have increased significantly over the past year, according to a new paper from the IEEE. The professional body polled 350 CIOs, CTOs, IT directors and other technology leaders in the US, UK, China, India and Brazil to compile its pending report, The Impact of Technology in 2023 and Beyond: an IEEE Global Study. Respondents came from organizations with more than 1000 employees across multiple industry sectors, including financial services, consumer goods, education, electronics, engineering, energy, government, healthcare, retail, technology and telecommunications. The number voicing concerns about cloud vulnerabilities increased significantly from a year ago. Some 51% highlighted them as a potential threat for 2023, versus 35% in 2022.
