Friday Five 9/23 | Digital Guardian


by Robbie Araiza on Friday September 23, 2022


Experts are growing worried that the next cyber attack could come from an unlikely source, like an open source component or even your web browser’s spell checker. Read about this news and more in this week’s Friday Five!

1. Data Scientists Dial Back Use of Open Source Code Due to Security Worries by Robert Lemos

Vulnerabilities found in open source components have caused nearly 40% of a recent survey's respondents to cut back on their use of such components, according to Anaconda's 2022 State of Data Science report released this past week. "We see a tremendous portion of people who are at organizations where IT has created a very strict posture around open source and Python," says Anaconda's CEO, Peter Wang. "These are not expert developers. ... They are data scientists and machine learning people who may not be very seasoned developers at all, using whatever they could download to do their analysis, and then they handed that over to IT." Read the full story from Robert Lemos at Dark Reading to find out why some data scientists are becoming concerned, why software companies aren't scaling back on their use of open-source components, and why there appears to be a disconnect between the two sides.


2. Hacking group focused on Central America dumps 10 terabytes of military emails, files by AJ Vicens

A hacking group known as Guacamaya released a 10-terabyte dump of records from military and police agencies in Chile, Colombia, El Salvador, Mexico, and Peru, including emails and other materials. This marks the group’s fourth data dump since this past March. To learn more about the hack and what type of information was leaked, read AJ Vicens' story.


3. Google, Microsoft can get your passwords via web browser's spellcheck by Ax Sharma

Concerns have been raised about the security of data transmitted through web browsers’ spell-check features, with Google Chrome and Microsoft Edge most recently coming under the magnifying glass. While their basic spell-check features aren’t said to raise any red flags, Chrome’s Enhanced Spellcheck and Microsoft Editor both transmit form data—which could include PII or passwords—leaving many concerned about their data privacy and a potential security incident in the future. Read the full, in-depth report from Ax Sharma at BleepingComputer to find out more about how this potential privacy issue was discovered and how these spell-check features can be toggled on and off.


4. The record-setting DDoSes keep coming, with no end in sight by Dan Goodin

In a statement this past Monday, Imperva reported that they defended a customer against a DDoS attack with over 25 million requests, peaking at more than 3.9 million requests per second. According to Imperva, "[The] attackers used HTTP/2 multiplexing, or combining multiple packets into one, to send multiple requests at once over individual connections. This technique can bring servers down using a limited number of resources, and such attacks are extremely difficult to detect." This attack is only one example of a quickly growing DDoS arms race. Read the full story from Dan Goodin at Ars Technica to find out more about this attack and others from recent months.


5. Bitdefender releases free decryptor for LockerGoga ransomware by Bill Toulas

Cybersecurity firm Bitdefender recently released a decryptor that can be used by those locked out of their systems by LockerGoga ransomware. The decryptor is said to work both on individual machines and on entire networks. In the wake of the arrest of 12 threat actors tied to LockerGoga, the ransomware’s source code was never released. This decryptor will allow those who refused to pay the ransom to recover their files for free.


Tags: Vulnerabilities, DDoS, Data Privacy, Ransomware


Robbie Araiza

Robbie is a Content Creator for the Data Protection team at HelpSystems. Prior to joining the organization, he studied psychology and social work at Texas State University in San Marcos, TX.