LOS ANGELES – An Illinois man was found guilty today by a federal jury for running websites that allowed paying users to launch powerful distributed denial of service, or DDoS, attacks that flood targeted computers with information and prevent them from being able to access the internet. Matthew Gatrel, 32, of St. Charles, Illinois, was found…
Category: Commentaries and Analyses
Credential leak fears raised following security breach at Travis CI
John Leyden reports: Concern is growing within the infosec community that a breach at DevOps platform vendor Travis CI might run deeper than the firm has so far been prepared to admit. Travis CI, a continuous integration and continuous delivery (CI/CD) service for cloud platform projects, admitted to an issue in a post on its community forums while also…
Office of the Privacy Commissioner for Bermuda Issues Data Breach Guide
Odia Kagan of Fox Rothschild writes: The Office of the Privacy Commissioner for Bermuda has issued a helpful guide on the various types of harm that could be caused by a data breach. The office also referred to the Future of Privacy Forum research on potential harms. Read more here, In their guidance, the Bermuda privacy…
Exposed Payment Integration API Keys Imperil Millions of Users’ Transaction Details and PII
Arshit Jain and Sai Ahladini Tripathy report some findings concerning the risk of unauthorized access to API keys enabling acquisition of sensitive or critical data. A recent investigation by CloudSEK found that a range of companies have mobile apps with API keys that are hardcoded in the app packages. “These keys could be easily discovered…
Are “corrupt my file” sites safe? Here’s why to avoid corrupt-a-file services
Am I the last one to know about “corrupt my file” sites? Joshua Long reports that apart from file corruption that occurs accidentally in our lives or in some cases intentionally by malware, there are sites that will intentionally corrupt a file for you. While that may seem entirely counterproductive, corrupt-a-file sites make claims such…
Kaspersky releases its first Transparency Report
Kaspersky has released its first transparency report concerning requests received from government and law enforcement agencies, and users for data and technical expertise in 2020 and H1 2021. Kaspersky has publicly shared its approach in responding to requests from global government and law enforcement agencies for two categories: user data and technical expertise. It also…