Arshit Jain and Sai Ahladini Tripathy report some findings concerning the risk of unauthorized access to API keys enabling acquisition of sensitive or critical data. A recent investigation by CloudSEK found that a range of companies have mobile apps with API keys that are hardcoded in the app packages. “These keys could be easily discovered…
Category: Commentaries and Analyses
Are “corrupt my file” sites safe? Here’s why to avoid corrupt-a-file services
Am I the last one to know about “corrupt my file” sites? Joshua Long reports that apart from file corruption that occurs accidentally in our lives or in some cases intentionally by malware, there are sites that will intentionally corrupt a file for you. While that may seem entirely counterproductive, corrupt-a-file sites make claims such…
Kaspersky releases its first Transparency Report
Kaspersky has released its first transparency report concerning requests received from government and law enforcement agencies, and users for data and technical expertise in 2020 and H1 2021. Kaspersky has publicly shared its approach in responding to requests from global government and law enforcement agencies for two categories: user data and technical expertise. It also…
Walgreens’ Covid-19 test registration system exposed — and still exposes? — patient data
Sara Morrison reports: If you got a Covid-19 test at Walgreens, your personal data — including your name, date of birth, gender identity, phone number, address, and email — was left on the open web for potentially anyone to see and for the multiple ad trackers on Walgreens’ site to collect. In some cases, even…
SuspectFile intervista AvosLocker: nuovi dettagli sulla variante avos2
Marco A. DeFelice has a post about AvosLocker that is in both Italian and English, in different parts. The English part is a bit of an interview or chat Marco had with their spokesperson. They use the opportunity to explain how superior they believe their new variant, .avos2, is. You can read it all on…
Education Department Updates Rules and Criminal Penalties for Accessing Agency Data
Aaron Boyd reports: The Education Department is rolling out new rules for accessing and handling agency data by third parties—including students, parents and loan companies—with updated criminal penalties for anyone not following the new statutes. The new rules intend to bring the department into compliance with the 2019 Stop Student Debt Relief Scams Act and…