Fri. Jun 5th, 2020

Layer 7 Weekly Round Up: 9/16 Edition

THE BIG STORY

1. Don’t make your Google Calendar public, here’s why

If you’ve ever made your Google Calendar public, you might be inadvertently sharing private information online. How? Because of a feature in Google’s Calendar setting. It’s important to note, however, that no actual vulnerability exists within Google Calendar, but many experts believe that Google didn’t sufficiently warn users about the ramifications of making their calendar public.

 

WE’RE KEEPING AN EYE ON

2. Researchers unveil new insights into Smominru botnet

Researchers at Guardicore Labs gained access to a Smominru command-and-control server and found that the cryptocurrency mining and credential-stealing botnet has indiscriminately hacked over 90,000 computers around the world in August alone.

 

WORTH NOTING

3. Two popular Chrome ad blocker extensions caught ‘cookie stuffing’

In a blog post, it was revealed that two widely used ad-blocker extensions — “AdBlock” by AdBlock Inc. and “uBlock” by Charlie Lee — are fake. Along with impersonating the name of legitimate ad-blocking extensions, the malicious actors behind the fraudulent extensions were also caught “cookie stuffing.”

 

INCIDENTS

4. Shortly after it was acquired for $80m, Thinkful reports data breach

In an email to users, Thinkful, an online education site for developers, revealed that it was the victim of a data breach. Not much is known about the breach, but it’s worth noting, however, that the revelation comes two weeks after Thinkful was purchased by Chegg. Now many are wondering if the Thinkful was aware of the breach before its acquisition earlier this month.

 

5. LastPass fixes bug that could let malicious sites steal your credentials

After a researcher from Google’s Project Zero discovered a flaw in the password manager that could allow malicious sites to get unauthorized access to usernames and passwords, LastPass patched the vulnerability.

 

INTERESTING READ

6. Poll: Two-thirds of Americans want to break up companies like Amazon and Google

This election year is unique for many reasons. One of those reasons being that this marks the first time that Congress is aggressively going after big tech companies. But, it appears that the government is not alone — a poll from Data for Progress revealed that Americans are pretty on board with breaking up big tech. — Vox