Friday Five 9/2 | Digital Guardian


Digital Guardian's Blog

Friday Five 9/2

by Robbie Araiza on Friday September 2, 2022


Data privacy concerns were at the forefront of this week’s cybersecurity news, but phishing and ransomware attacks are still making waves. Read about these stories and more in this week’s Friday Five!

1. FTC sues data broker that tracks locations of 125M phones per month by Dan Goodin

After Idaho-based data broker Kochava elected to sue the Federal Trade Commission two weeks ago, the FTC has counter-sued and released a formal complaint, claiming that Kochava sold location data pulled from roughly 125 million phones. According to the complaint, in the data made available by Kochava, "it is possible to identify a mobile device that visited a women's reproductive health clinic and trace that mobile device to a single-family residence." The complaint also alleges that this data can be used to track people's visits to homeless shelters, domestic abuse shelters, and places of worship, among other sensitive locations. Read the full story from Ars Technica for a more detailed look into the FTC's complaint and to see how Kochava has responded to the lawsuit.

2. Over 1,000 iOS apps found exposing hardcoded AWS credentials by Bill Toulas

Security researchers found this past week that over 1,800 mobile applications, most running on iOS, contain hard-coded AWS credentials that could allow bad actors to access private databases or lead to data breaches. According to the researchers, over three-quarters of those applications contained valid AWS access tokens, which could be used for direct access to private cloud services, while over 800 applications contained valid AWS tokens that could help bad actors access live-service databases that hold millions of sensitive records. Read the full story from BleepingComputer to find out what could be causing this issue and to learn about a few real-world examples.

3. James Webb telescope images used to hide malware by Pieter Arntz

Bad actors have been running an unorthodox phishing campaign that uses James Webb telescope images in malicious Microsoft Office attachments to spread malware. According to Securonix’s threat research team, once the victim opens the attachment and the malicious template file is downloaded, a command will download a .jpg file (in this case an image from the James Webb telescope) that is hiding malicious Base64 code. Pieter Arntz of Malwarebytes Labs provides more details on how such an attack is possible in his full story.

4. Most top mobile carriers retain geolocation data for two years on average, FCC findings show by Tonya Riley

According to recent information published by the Federal Communications Commission, 10 of the 15 top mobile carriers collect and retain consumers’ sensitive geolocation data for roughly two years on average. FCC chairwoman Jessica Rosenworcel says, "[this information is] a record of where we’ve been and who we are. That’s why the FCC is taking steps to ensure this data is protected." Read more about which providers responded to the FCC inquiry and why those providers often don’t give consumers an option to opt out of such invasive data collection.

5. Ransomware attacks jump as new malware strains proliferate, research finds by AJ Vicens

According to cybersecurity firm NCC Group, ransomware cases rose by 47% this past July compared to the month before, 62 of which were linked to the LockBit ransomware group. Hive and BlackBasta, which are both affiliated with Conti, were responsible for the next-most attacks, respectively.

Tags: Data Privacy, Phishing, Ransomware


Robbie Araiza

Robbie is a Content Creator for the Data Protection team at HelpSystems. Prior to joining the organization, he studied psychology and social work at Texas State University in San Marcos, TX.