Weekly News Roundup September 16-20, 2019


Posted by Kacy Zurkus

Millions of Ecuadorians are still processing the shocking revelation that their personal information was leaked after security researchers discovered a misconfiguration in an Elasticsearch database at Novaestrat. “The Elasticsearch server contained a total of approximately 20.8 million user records, a number larger than the country's total population count. The bigger number comes from duplicate records or older entries, containing the data of deceased persons,” ZDNet reported.

Novaestrat is not alone in its misconfiguration issues, and it’s not only human error that made headlines this week. Here’s a look at what you might have missed in this week’s news.

Sept. 20: According to an IBM press release, the company has brought what it is calling the “world’s largest fleet of quantum computing systems online.”

Sept. 19: Hundreds of Facebook and Instagram accounts and pages were interrupted when Facebook identified campaigns “attempting to influence user behavior in Iraq and Ukraine,” Infosecurity Magazine reported.

Sept. 19: A new breed of IoT devices, dubbed “over the top” (OTT) platforms, which includes Smart TVs, has reportedly been “spying” on users and “leaking sensitive data to companies such as Facebook, Amazon, Google and Netflix, according to two separate studies conducted by university researchers as well as independent research done by a Washington Post reporter.”

Sept. 19: After months of opposition, Senate Republicans have approved $250 million in funding for election security, which is seen as a step forward, The Hill reported.

Sept. 18: The adversarial group known as Tortoiseshell Group has been targeting organizations predominantly in Saudi Arabia since July of 2018. The threat group is reportedly using “a deadly mix of custom-made and off-the-shelf malware.” Researchers at Symantec identified the group’s activity as recently as July 2019.

Sept. 18: After Kaspersky Lab reported that the personal information of 30 million passengers had been leaked, Malindo Air released a statement confirming that the exposed information included “passengers’ passport details, addresses and phone numbers.”

Sept. 18: Now that Acronis has raised $147 million in funding, the cybersecurity backup and disaster recovery company is in hot pursuit of an acquisition. Meanwhile, in a move intended to improve the security of open source code development, GitHub announced that it will acquire Semmle.

Sept. 17: Researchers at Trend Micro identified a Linux malware, Skidmap, disguising itself on infected machines. The malware is being used for unlawful cryptocurrency mining. “This malware is notable because of the way it loads malicious kernel modules to keep its cryptocurrency mining operations under the radar,” the researchers wrote.

Sept. 16: Authorities in Ecuador launched an investigation into Novaestrat’s mishandling of citizen data, noting that the company should not have had access to the data it had exposed. As part of the investigation, federal police raided Novaestrat's office and arrested the general manager, William Roberto G.

Sept. 16: After the Federal Emergency Management Agency (FEMA) acknowledged that it had mishandled the personally identifiable information (PII) of approximately 2.5 million disaster survivors, the agency announced that “as a precautionary measure, the federal agency will offer 18 months of free credit monitoring services to those affected by the breach.”


Contributors
Kacy Zurkus

Senior Content Manager, RSA Conference
