Bitglass Security Spotlight: LinkedIn, Vector, and AWS
Blog Article Published: 05/17/2018
By Jacob Serpa, Product Marketing Manager, Bitglass Here are the top cybersecurity stories of recent weeks: —LinkedIn security gap exposes users' data —Vector app reveals customers' information —AWS misconfiguration makes LocalBlox user information public —New malware steals data via power lines —Banking apps deemed the most unsecured LinkedIn security gap exposes users' data LinkedIn's AutoFill functionality was recently discovered to be easily exploitable. The feature allows users to have fields on other websites automatically populated with information from their LinkedIn accounts (for rapid registrations and logins, for example). Researchers quickly realized that this could be exploited by malicious websites that initiate AutoFill, regardless of where visitors click, in order to steal information. Vector app reveals customers' information New Zealand energy company, Vector, developed an application designed to update users on the status of their power; for example, by providing estimates on when power might return during outages. Unfortunately, the app didn't provide the functionality that the company originally intended. Additionally, it made all of its users' information (including home address) accessible to anyone who downloaded the app. AWS misconfiguration makes LocalBlox user information public Another AWS misconfiguration has exposed the personal information of various individuals – 48 million of them. LocalBlox, which gathers information from public online profiles, was recently found to be leaking Twitter, Facebook, and LinkedIn information through an unsecured AWS S3 bucket. Leaked information included email addresses, job histories, and even IP addresses in some cases. New malware steals data via powerlines PowerHammer, a new type of malware, can steal data in a variety of complex, frightening ways. For example, through computers' power cables. To learn more about the ins and outs of PowerHammer, click here. Banking apps deemed the most unsecured A recent study found that banking applications are typically the most vulnerable type of cloud app. Despite the fact that these services are used by hundreds of millions of people, they consistently hold security flaws that leave them open to the advances of hackers. Learn more about cloud access security brokers (CASBs) and how they can help you secure data in our cloud-first world with the Definitive Guide to CASBs.