Google Docs bug exposes users’ private documents

Google has patched a bug in its feedback tool that allowed attackers to steal screenshots of sensitive Google Docs documents. The bug was discovered on July 9 as part of a bug bounty program and was located within its “Send feedback” or “Help Docs improve” option that allows users to send feedback along with an option to include a screenshot. Whenever a screenshot of the Google Docs window was included, the bug was able to redirect the RGB values of every pixel to a different location.

(The Hacker News)

Kawasaki discloses security breach, potential data leak

Kawasaki Heavy Industries is a Japanese multinational corporation with over 35,000 employees, active in the heavy equipment, rolling stock, automotive, aerospace, and defense industries. An internal audit revealed unauthorized access to its networks occurred in June and July of 2020 from servers in Thailand, Indonesia, the Philippines, and the United States. Although there is no evidence of data having been leaked, Kawasaki has chosen to announce the breach, since its servers handle sensitive personal and social infrastructure-related information.

(Bleeping Computer)

Brexit deal warns of security dangers of Netscape Communicator

A Brexit negotiation deal document, completed on Christmas Eve in anticipation of January approval by the European Parliament, came complete with references to “modern e-mail software packages including Outlook, Mozilla Mail as well as Netscape Communicator 4.x.” The document also recommends using 1024-bit RSA encryption and the SHA-1 hashing algorithm, which are both outdated and vulnerable to cyber-attacks. The references are evidence of a document that was copied and pasted from earlier EU draft legislation, with little input or oversight from technology experts, by, as news site Hackaday puts it, a tired civil servant.

(Hackaday)

Aida Cruises cancels trips due to mysterious “IT restrictions”

The German cruise line, a subsidiary of Carnival, sent a notice of cancellation of its New Year’s Eve cruise due to IT restrictions affecting the company’s phone systems and email, which have made contact with the cruise line’s offices impossible. German media outlet NDR also states that a German public prosecutor’s office is investigating whether this is a cyber attack on the AIDA cruise line. Its sister company, Costa Crociere, is also currently affected by an IT outage.

(Bleeping Computer)

Thanks to our episode sponsor, ReversingLabs

We’ve seen a 430% growth in next generation cyber attacks actively targeting open-source software projects. Worse yet, contemporary malware implements evasive techniques to avoid detection by AV and Sandbox technologies. What can you do to stay on top of these new threats? Learn more about how ReversingLabs can help your software development teams today and watch an on-demand demo at reversinglabs.com/demo.

VMware sues former COO for moving to Nutanix

The company is claiming that Rajiv Ramaswami had inside knowledge of the key plans of his former company and that he should have told them that he was interviewing for a job at a rival organization. It goes on to claim that at the same time he was working with VMware he was secretly meeting with at least the CEO, CFO, and the entire Board of Directors of Nutanix, Inc. to become Nutanix’s Chief Executive Officer. Experts suggest the suit has little chance of succeeding, but it does shine a light on what is considered acceptable behavior among high-ranking tech sector executives.

(TechCrunch)

Treasury Department warns of increase in vaccine-related fraud and cybercrime

In a notice sent yesterday, the U.S. Treasury Department warned of an uptick in cyberattacks and scams linked to COVID-19 vaccines, and identified scams linked to the vaccination efforts that may include counterfeit vaccines. Additionally, criminal groups are offering legitimate doses of the vaccines as they work to get their hands on the real thing. It also stated that ransomware remains a top concern and financial institutions are being asked to remain vigilant, particularly of supply chains required to manufacture the vaccine.

(Gizmodo)

Don’t forget, Flash dies tomorrow

As we reported two weeks ago, and as Adobe itself has said for three years now, the company will pull the software on December 31. The final update for Flash Player has now been released, and any Flash Player software still installed will no longer receive any security patches. Adobe will block Flash content from running in Flash Player beginning January 12, 2021. Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems.

(Softpedia)

The cloud generates a brick and mortar boom for data centers

One silver lining to increased cloud-based activity, especially in the surge of work from home and lockdown, has been the growth in the demand for and building of physical data centers needed to store and serve ever increasing amounts of data. Companies that lease space in such facilities, like Cyxtera, JLL, and CBRE, are observing increasing demand moving in lockstep with a massive shift in capital toward this industry from big investment funds like Goldman Sachs. Real estate investment trusts focused on data centers delivered returns of 19 percent in the first half of 2020 — one of only two REIT sectors that showed growth, according to a recent report by JLL. (The other sector, industrials, yielded a modest 2 percent return.) By comparison, returns for hotel and resort REITs plunged 49 percent, those for retail fell 37 percent and office space dropped 25 percent.

(New York Times)