Reading Time: ~2 min.

Venmo’s Public Data Setting Shows All

Researchers recently uncovered just how much data is available through the Venmo API, successfully tracking routines, high-volume transactions from vendors, and even monitoring relationships. Because Venmo’s privacy settings are set to public by default, many users have unknowingly contributed to the immense collection of user data available for all to view. In addition to purchases, users can also leave a personalized note for the transaction, some of which range from drug references to more intimate allusions.

Spanish Telecom Suffers Major Data Breach

One of the world’s largest telecom providers fell victim to a data breach this week that could affect millions of Movistar customers. The breach allowed current customers to access the account of any other customer, simply by altering the alpha-numeric ID contained within the account URL. While parent company Telefonica was quick to resolve the issue, the communications giant could be forced to pay a fine upwards of 10 million EUR for not complying with new GDPR rules.

DDoS Attacks Target Gaming Publisher

Yesterday, Ubisoft announced via Twitter that they were in the process of mitigating a DDoS attack affecting many of their online gaming servers. At least three of Ubisoft’s largest titles were affected, leaving thousands of players unable to connect to online services. While Ubisoft has likely resumed normal activity, they are not the only gaming publisher to be the focus of these types of attacks. Blizzard Entertainment suffered a similar attack as recently as last week.

ProCare Health Under Fire for Patient Info Database

At least four companies handling the IT needs of the healthcare system in New Zealand have come forward to disclose an extremely large database containing of identifiable information (PII) for more than 800,000 patients. The database in question holds records for many thousands of patients, most of which were gathered without consent from patients, as the company has no direct dealings with them, but instead works with doctors to accumulate more data.  While having such a large volume of data in one place can be risky, the security measures should equal the value of the data itself, which is still under scrutiny.

South Korea No Longer Main Target of Magniber Ransomware

Researchers have noticed over the past few weeks a significant trend involving the Magniber ransomware variant branching out from its long-time focus on South Korea to other Asian countries. Additionally, the source code itself has been vastly improved and has begun using an older exploit for Internet Explorer that would allow Magniber to increase infection rates across unpatched systems.

Connor Madsen

About the Author

Connor Madsen

Threat Research Analyst

As a Threat Research Analyst, Connor is tasked with discovering and identifying new malware variants, as well as testing current samples to ensure efficacy. Don’t miss the latest security news from around the world in his weekly Cyber News Rundown blog.

Facebook Comments
Share This