AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 6/14/2024

Cylance clarifies data breach details, except where the data came from

BlackBerry-owned cybersecurity shop Cylance says the data allegedly belonging to it and being sold on a crime forum doesn’t endanger customers, yet it won’t say where the information was stored originally. Saying very little about where the data came from, Cylance says it is related to company marketing between 2015 and 2018, before BlackBerry bought it, and it came from an undisclosed “third-party platform.” A BlackBerry spokesperson told The Register: “We are aware of a post on the ‘X’ platform reporting that a database for sale on the ‘Dark Web’ contains Cylance customer, partner, and employee names and email addresses along with marketing data.

 

Indiana cop who used Clearview AI facial recognition tech for personal reasons resigns

An Evansville, Indiana police officer has resigned after department officials discovered he had been using Clearview AI facial recognition technology to search social media accounts for personal reasons, a department press release revealed Wednesday. The officer’s misuse of the technology surfaced soon after March talks between department officials and Clearview about renewing their subscription. As part of those negotiations, officials audited use of the technology by officers. “At that point, we observed an anomaly of very high usage of the software by an officer whose work output was not indicative of the number of inquiry searches that they had,” Evansville Police Chief Philip Smith said Wednesday. 

 

Life360 confirms a hacker stole Tile tracker IDs and customer info

A hacker breached the systems behind Tile device trackers and stole customer data, including names, addresses, emails, and phone numbers. According to reporting from 404 Media, the hacker was able to collect customer information by accessing a tool made for responding to law enforcement requests about Tile trackers. The stolen information did not include precise Tile location data. Life360, which owns Tile,  by CEO Chris Hulls acknowledging the hack. Hulls confirmed the data included Tile tracker IDs and said that the hacker had attempted to extort Life360 and that the company reported it to law enforcement.

 

Microsoft Chose Profit Over Security and Left U.S. Government Vulnerable to Russian Hack, Whistleblower Says

Microsoft hired Andrew Harris for his extraordinary skill in keeping hackers out of the nation’s most sensitive computer networks. In 2016, Harris was hard at work on a mystifying incident in which intruders had somehow penetrated a major U.S. tech company. The breach troubled Harris for two reasons. First, it involved the company’s cloud — a virtual storehouse typically containing an organization’s most sensitive data. Second, the attackers had pulled it off in a way that left little trace. He retreated to his home office to “war game” possible scenarios, stress-testing the various software products that could have been compromised.

 

Microsoft employees’ cybersecurity contributions will factor into their pay

Microsoft will evaluate its employees’ cybersecurity contributions in reviews that will factor into their compensation, Brad Smith, the company’s vice chair and president, said ahead of a Thursday U.S. House committee hearing on the software maker’s security practices. The changes represent part of Microsoft’s efforts to address concerns about how much it’s doing to protect its clients’ data. In April, the Department of Homeland Security issued a report based on an independent review of China’s breach of U.S. government officials’ email accounts, an incident that Microsoft disclosed last year. Microsoft committed to changing some practices in response to shortcomings identified in the report.

Related Posts