Cyber Security Headlines: Amazon cuts 10,000, FIFA apps warning, breach impact 98%

Amazon to cut 10,000 employees in tech and corporate roles

Amazon is planning to lay off 10,000 employees in technology and corporate roles beginning this week. The layoffs would be the largest in the company’s history and will impact Amazon’s devices organization, retail division, and human resources. The news follows Meta, which laid off 11,000 employees last week, and Twitter, which laid off almost 50% of its workforce.

(CNBC)

Privacy experts cautious about FIFA World Cup Apps

The FIFA World Cup in Qatar starts in just a few days and has been mired in controversy since the country won the hosting honor. Now privacy experts say that two official apps are cause for concern. Ehteraz is a Covid-19 tracking app, and Hayya follows fans’ entrance to and from the stadium. The latter requires full network access and unrestricted access to personal data. Øyvind Vasaasen, the head of security at the Norwegian Broadcasting Corporation (NRK), said, “It’s not my job to give travel advice, but personally, I would never bring my mobile phone on a visit to Qatar.”

(Cybernews)

98% of organizations have been severely impacted by cyber supply chain breach

According to a new report, 98% of respondents experienced negative impacts from a cyber breach in their supply chain. The annual report also found that 40% of respondents rely on third-party vendors or suppliers to ensure security. The industry as a whole reported a lack of understanding and communication across the enterprise regarding the role of cybersecurity.

(Security Magazine)

Russian software disguised as American fools U.S. Army

Thousands of smartphone applications in Apple’s and Google’s online stores contain computer code developed by a technology company, Pushwoosh, that presents itself as based in the United States but is actually Russian. In response to the findings, the CDC removed Pushwoosh software from seven public-facing apps. 

(Reuters)

Thanks to this week’s episode sponsor, AppOmni

Can you name all the third party apps connected to your major SaaS platforms like Salesforce and Microsoft? What about the data these apps can access? After all, one compromised third party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps, including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment.

K-12 schools lack funding to combat ransomware threat

Many K-12 schools are targets for malicious cyberattacks, according to a report from the Multi-State Information Sharing and Analysis Center. The report found that 20% of schools spend less than 1% of their IT budgets on security. Schools are a lucrative target for data theft, and an attack can cost more than $1 million to remediate. The Los Angeles Unified School District was targeted by a ransomware attack in September, which was linked to the Vice Society.

(Cybersecurity Dive)

Anti-Fraud police arrest 59 suspected scammers

An anti-fraud operation across 19 European countries resulted in the arrest of 59 suspected scammers. The month-long operation took place in October as part of the e-Commerce Action initiative led by Europol’s European Cybercrime Centre (EC3) and the Merchant Risk Council. Police tracked down locations where fraudulently purchased goods were delivered and were assisted by banks, merchants, and logistics companies. Strong Customer Authentication (SCA) became mandatory across Europe under the Payment Services Directive (PSD2), but fraudsters are still finding ways to mess with merchant verification systems.

(Infosecurity)

RCE flaw reported in Spotify’s Backstage software catalog

Spotify’s Backstage has been found vulnerable to a security flaw that could allow an attacker to gain remote code execution by leveraging a disclosed bug in a third-party module. Backstage is an open-source developer portal that allows users to explore, create, and manage software components from a unified front door and is used by big companies like Netflix, Expedia, and Roku.

(Hackernews)