It’s time again for our weekly look at the latest breaking news in cybersecurity and tech. This week, we’re looking at the US government vs. Google, the indictment of the Russian hacking group Sandworm, Amazon’s privacy violations, and recent CyberNews investigations.
You can read the full article, or watch the video below:
Justice Department files antitrust lawsuit against Google
It’s the biggest antitrust lawsuit since Microsoft in the late 90’s. The US Department of Justice along with 11 states filed an antitrust lawsuit against Google for abusing its position to maintain an illegal monopoly over internet search and search advertising.
The US vs Russian hackers ‘Sandworm’
The Department of Justice is on a roll, this week finally indicting the Russian hackers known as Sandworm.
About five years ago, Sandworm was behind the first-ever cyberattack to cause a blackout, when the hacking group turned off power for 250,000 Ukrainians. They did it again in Kyiv in 2016, then the NotPetya worm in 2017 that caused $10 billion in damage Ukraine, and then a cyberattack on the 2018 Winter Olympics in South Korea.
Amazon violates privacy again
Amazon is being hit with a class-action lawsuit in Illinois for apparently storing biometric voice data on its servers. The lawsuit claims that Amazon did not get the callers’ consent to have their data collected stored on its servers, and failed to publicly disclose its data retention policies.
At CyberNews, we discovered that teamDigital, the marketing agency for such giants as the NFL, Mastercard, MLB, Soundcloud and more was exposing their clients’ data via multiple environment config files.
We also found that Panion, the Swedish social media platform, had an unprotected bucket containing more than 2.5 million user records. This includes full names, emails, genders, interests, and location coordinates, as well as selfies and document photos.
Lastly, our research team found that the popular MMO game Street Mobster, which has nearly 2 million players, stores a user record database that can be accessed by threat actors by committing an SQL Injection (SQLi) attack on the game’s website.