
Podcast: The Biggest IT Stories from April 2018

Jeff Edwards | May 04 2018


New month, new IT stories, and some (not so) new security problems. And what a month it’s been! From data leaks to jailbroken Nintendos, April kept us on our toes.

Data Firm Leaks 48 Million Profiles on—Surprise—an Open S3 Bucket

This story combines two of our favorite topics: leaky S3 buckets and sketchy data collection practices. Here's what went down: A small, Bellevue, WA-based data firm, LocalBlox, built 48 million personal profiles by scraping social networks such as Facebook, LinkedIn, and Twitter, and real estate site Zillow, all without the knowledge or consent of the scraped users.

According to the firm, LocalBlox "automatically crawls, discovers, extracts, indexes, maps and augments data in a variety of formats from the web and from exchange networks," and then, presumably, uses that information as marketing data. 

Earlier this year, the company hit a bit of a snag with that business plan when they left a store of profile data on a public but unlisted Amazon S3 storage bucket without a password, which would allow anyone with the address of the database to download the info within. 

The bucket in question, "lbdumps," contained a file that unpacked to a single file over 1.2 terabytes in size. In that file were the aforementioned 48 million individual records scraped from public profiles. Just great.

Luckily, the leaky bucket and the data within were discovered by Chris Vickery, director of cyber risk research at security firm UpGuard. Vickery then disclosed the leak to LocalBlox's chief technology officer, and the bucket was secured hours later.

Via ZDNet.

Nvidia Mobile Processor Vuln Puts Nintendos at Risk

According to security researchers, devices built on Nvidia's Tegra X1 mobile processor are at risk of attack from an exploit chain known as "Fusée Gelée," which allows anyone to run code on the processor by overloading a buffer during boot-up.

The exploit was discovered by Katherine Temkin and a team at ReSwitched, who say that it affects any device running the Nvidia chip, including some Chromebooks and the Nintendo Switch gaming console—bad news for Zelda fans. 

"Fusée Gelée isn't a perfect 'Holy Grail' exploit -- though in some cases it can be pretty damned close," Temkin wrote.

According to Temkin, because the vulnerability is the result of a coding mistake in the bootROM, it cannot be patched.

However, the flaw requires physical access to the device, so it's unlikely to be a major target for hackers. 

Via TechNewsWorld.

Fake Ad-Blocker Extensions Were Downloaded 20 Million Times

Fake ad-blockers listed at the top of Google Chrome's web extension store were downloaded by 20 million unsuspecting victims before Google pulled the plug on the phony apps, according to a report published by AdGuard. 

The fake extensions featured names that played on popular ad blockers, like "UBlock Adblock," a uBlock Origin fake, and could harvest info on users, including browsing history and IP addresses. Some of the fake extensions could even execute commands on Chrome, effectively turning infected devices into a botnet.

Via Engadget. 


Jeff Edwards is a tech writer and analyst with three years of experience covering Information Security and IT. Jeff has written on all things cybersecurity, from APTs to zero-days, and previously worked as a reporter covering Boston City Hall.
