TLDR Information Security 2024-04-12

Apple alerts about mercenary spyware attacks 🕵️‍♂️, Home Depot data breach 🏠, 96% US Hospital websites share data with brokers 🏥

🔓
Attacks & Vulnerabilities

Personal information of 287,000 taxi passengers exposed in data breach (3 minute read)

Irish taxi software firm iCabbi suffered a data breach that exposed nearly 300,000 customers' personal data, including names, emails, and phone numbers of senior officials and journalists. The breach was due to an unprotected database resulting from "human error" during a database migration. iCabbi acknowledged the breach, stating that it notified affected taxi companies, but did not disclose if any individuals suffered losses.

Apple alerts users in 92 nations to mercenary spyware attacks (3 minute read)

Apple has sent threat notifications to iPhone users in 92 countries warning them about potential targeting by mercenary spyware attacks. The alerts state that Apple detected attempts to remotely compromise the users' iPhones, likely due to who they are or what they do. The warnings come amid rising concerns over state-sponsored efforts to influence elections, though Apple did not comment on the timing.

Home Depot Confirms Third-Party Data Breach Exposed Employee Info (2 minute read)

Home Depot has confirmed that a third-party SaaS vendor that it uses was breached, leading to the exposure of 10k employees' data. The exposed information includes names, work email addresses, and user IDs. This information is not inherently sensitive but could be utilized in phishing attempts.
🧠
Strategies & Tactics

Inside AWS's Crusade Against IP Spoofing and DDoS Attacks (7 minute read)

In an ongoing effort to combat DDoS attacks, Amazon Web Services (AWS) has made significant progress in tackling the long-standing issue of IP spoofing, which allows attackers to hide the source of attacks. In this interview, AWS explains its new approach to disrupting a decades-old problem that has given attackers a major advantage.

Google Public DNS's approach to fight against cache poisoning attacks (4 minute read)

Google Public DNS uses multiple strategies like case randomization and DNS-over-TLS to protect users from cache poisoning attacks. These measures make it harder for attackers to manipulate DNS responses and improve security for users worldwide. Google Public DNS aims to enhance DNS security by actively implementing countermeasures and collaborating with the DNS community.

Creating the Perfect Bug Bounty Automation (8 minute read)

Hakluke describes his bug bounty automation process and its evolution. Hakluke began with a bash script before moving to a framework that relied upon Django admin commands. To scale better, Hakluke moved to a distributed Golang environment and now plans to move over to a Cloud Native solution.
🧑‍💻
Launches & Tools

Google Cloud's AI-Powered Security Tools Improve Enterprise Security (4 minute read)

Google Cloud has integrated its flagship Gemini language model into new AI-powered security tools unveiled at its Next 2024 event. These include Gemini in Threat Intelligence for conversational threat research, Gemini in Security Operations to assist in investigations and draft detection rules, and Gemini in Security Command Center to generate summaries of security alerts.

Knostic (Product Launch)

Knostic prevents the chatbots used by enterprises from sharing sensitive information with employees who should not have access to it.

Jigsaw (GitHub Repo)

Jigsaw is a tool to obfuscate raw shell code by outputting randomized shell code, a lookup table, and a C/C++ stub to reassemble it at runtime.
🎁
Miscellaneous

Chrome Enterprise Gets Premium Security but You Have to Pay for It (3 minute read)

Google's Chrome Enterprise Premium promises to add security features at a cost of $6/user/month. Chrome Enterprise Premium supports enforcing policies, managing software updates and extensions, and some TCP protocols such as SSH and RDP. Early adopters have reportedly been getting value from it.

96% of US hospital websites share visitor info with Meta, Google, data brokers (5 minute read)

Research from the University of Pennsylvania reveals a concerning lack of privacy on hospital websites, with 96% transmitting user data to third parties like Google, Meta, and data brokers without explicit consent. Despite being places where privacy is expected, many hospitals employ tracking technologies and lack transparency, with only 56% of those with privacy policies disclosing the third parties receiving user information.

Thousands of LG TVs are vulnerable to takeover — here's how to ensure yours isn't one (4 minute read)

Researchers at Bitdefender have discovered multiple vulnerabilities affecting LG TVs running WebOS versions 4 through 7 that allow remote attackers to gain root access, execute arbitrary commands, and potentially drop malware or conduct lateral network attacks.
⚡️
Quick Links

Google Launches its Upgraded Find My Device Network (2 minute read)

Google's Find My Device network has been updated to be able to locate offline Android devices and integrate some third-party trackers.

Twitter's Clumsy Pivot to X.com Is a Gift to Phishers (2 minute read)

X briefly launched a change that automatically replaced any instance of x.com (even in cases like fedex.com) in its redirects with twitter.com. The feature has since been rolled back.

Why CISA is Warning CISOs About a Breach at Sisense (3 minute read)

CISA is investigating a breach at Sisense, and has advised Sisense customers to reset their credentials due to possible data exposure.