Internet Security Week - Edition Nº 45

In edition 45 of Internet Security Week , FBI takes down VPN service, ethical hacker wins 2 million dollars, employee phishing test and much more.

News

Bug allowed viewing private documents in Google Docs

A security vulnerability in Google Docs may have allowed attackers to steal screenshots of your confidential documents. This was caused by an incorrect post-message security configuration.

In Savebreach

Retrospective 2020: remember the worst cyber attacks

If there is any sector that benefited from the coronavirus pandemic, it was certainly cybercrime. Hackers took advantage of weaknesses and lack of security in times of home office, considerably increasing attacks against companies, employees and servers.

By Igor Shimabukuro in Olhar Digital

Email sent 'by yourself' applies scam with false threat of disclosing intimate video

Doubt clarifier comments on a scam that uses a false message to try to scare and convince victims of the existence of a supposed intimate video. Message demands payment so that the images are not published.

By Altieres Rohr in G1

Kawasaki discloses security breach, potential data leak

Japan's Kawasaki Heavy Industries announced a security breach and potential data leak following unauthorized access to a Japanese company's server from multiple overseas offices.

By Sergiu Gatlan in Bleeping Computer

How to identify security weaknesses on the company’s internet?

A company can only protect itself if it knows where attacks can come from. There's no point in having a giant shield in front of you if your back is unprotected.

By Kelvin Zimmer on Lumiun Blog

Whirlpool Corporation data is open on the dark web

Operators of the Nefilim ransomware dumped data on the dark web that they say belongs to Whirlpool Corporation, the controller of a large number of white goods factories, whose brands include Brazilian brands Brastemp and Consul.

In CISO Advisor

British police arrest 21 suspects of buying leaked passwords on the web

The house fell to 21 British citizens who decided to buy credentials — that is, login and password combinations — leaked onto the web.

By Ramon De Souza on FreeGameGuide

FBI takes down VPN service used by hackers

The action prevents access to a useful tool for cybercrime, the agencies say.

By Laura Hautala on CNET

Ethical hacker earns $2 million in rewards

Romanian Cosmin Iordache is the first ethical hacker to accumulate the amount. In the last 90 days alone, Iordache has earned around $300,000 in rewards.

In Savebreach

GoDaddy causes controversy when phishing tests on employees

They were promised a $650 vacation bonus from their company. It wasn't an act of corporate goodwill, however, but a particularly tone-deaf phishing test. And instead of extra money, those who failed were given extra work.

By Karissa Bell on Engadget

Nintendo set up surveillance operation against hacker

Leaked Nintendo documents have revealed a frightening surveillance operation carried out against a hacker who was researching exploits for the 3DS handheld. In addition to monitoring his private life, including aspects of his education, when he left home and where he went, the company tracked its target from his workplace to pressure him to stop his activities.

By Andy Maxwell in Torrent Freak

Apple loses copyright battle against security startup Corellium

Corellium, a security research company sued by Apple, has won an important legal victory against the iPhone maker.

By Reed Albergotti in The Washington Post

Ransomware attack takes down websites and service of Cemig, Companhia Energética de Minas Gerais

All Cemig services hosted on the Cemig.com.br domain, that is, both the institutional website and the customer services website, went offline.

In CISO Advisor

Attacks on suppliers, internet of things, 5G and fake pages: what to expect from digital security in 2021?

General Data Protection Law will come into force with the role of a regulatory agency, but new challenges and gaps in legislation are already appearing on the horizon.

By Altieres Rohr in G1

Company internet security: what is the employee’s role?

There is no doubt that the information of companies, of all sizes, is an irreplaceable asset, which in the event of loss, reduces their competitiveness and certainly financial losses. In this sense, investing in internet security for companies, especially for employee use, becomes increasingly necessary.

By Kelvin Zimmer on Lumiun Blog