November 20, 2024 at 08:49AM Amazon, Amazon Music, and Audible have experienced an influx of fake listings promoting dubious forex trading sites, pirated software, and spammy links. These listings, including zero-second audio episodes, exploit the platforms for SEO manipulation. The issue highlights a broader problem of spam in digital content distribution. ### Meeting Takeaways: 1. … Read more
November 11, 2024 at 02:11PM Amazon confirmed a data breach involving over 2.8 million employee records, leaked by a threat actor named Nam3L3ss. The data, stolen from a third-party vendor, included work contact information but no sensitive details. The breach is tied to the MOVEit attacks that affected numerous organizations globally in May 2023. ### … Read more
October 16, 2024 at 04:55AM FIDO Alliance released new specifications for securely transferring passkeys between providers, coinciding with Amazon’s announcement of 175 million passkey users. This development highlights advancements in passkey technology and its growing adoption in securing user authentication. **Meeting Takeaways:** 1. **FIDO Alliance Update**: The FIDO Alliance has released new specifications aimed at … Read more
May 24, 2024 at 06:29PM The Federal Trade Commission shared data on the most impersonated companies in 2023, with Best Buy, Amazon, and PayPal topping the list. Scammers made varying amounts depending on the impersonation, with Microsoft impersonators leading at $60 million and Comcast plus Xfinity scammers at the lowest with $2 million. Scammers use … Read more
January 11, 2024 at 10:41AM Former Microsoft product head Panos Panay has left to lead Amazon’s product division, aiming to enhance their device ecosystem, including Alexa, Echo, and Fire TV. The rising number of IoT devices presents security concerns, especially as consumer devices infiltrate commercial networks. Amazon’s plans to expand its device range could compound … Read more
October 10, 2023 at 07:58PM Microsoft has released over 100 security updates, including fixes for two bugs that are already being actively exploited. One of the vulnerabilities, known as Rapid Reset, is an HTTP/2 weakness that has been used since August to launch distributed denial of service (DDoS) attacks. Microsoft WordPad also has an information … Read more
October 10, 2023 at 09:54AM A new zero-day vulnerability called ‘HTTP/2 Rapid Reset’ has been exploited by malicious actors to launch massive distributed denial-of-service (DDoS) attacks. Cloudflare, Google, and AWS have all experienced record-breaking attacks, with the largest reaching 398 million requests per second. The attacks leverage a feature in the HTTP/2 protocol and have … Read more
October 9, 2023 at 04:11PM Proof-of-concept (PoC) exploits for the critical buffer overflow vulnerability in the GNU C Library (glibc) have been developed, putting Linux systems at risk. The flaw, disclosed by Qualys researchers, could lead to unauthorized data access and system alterations, potentially granting attackers root privileges. Linux root takeovers are highly dangerous as … Read more