Thankfully, the vulnerability has been patched.

Read more here

DNA-Testing Startup Veritas Genetics Discloses Security Breach

Veritas Genetics, a “whole genome sequencing company” that provides actionable insights for a healthier life and family, has disclosed a security breach containing the exposure of customer information.

The company discovered unauthorized access to its customer-facing portal and stated only a portion of its customers has been impacted. The company did not reveal further information on when or how long customer data has been exposed. In the company’s statement, it assured customers that DNA test results and health records were not accessed.

Read more here

Quiksilver and Billabong Affected by Ransomware Attack

One of the world’s largest brands of surfwear and board sport-related equipment manufacturers was hit by a ransomware attack that affected its subsidiaries, including Quiksilver, Billabong, DC Shoes, Element, and more. The attack forced the company to shut down multiple systems all over the world. And, employees were prohibited from turning on their computers until the system was cleaned.

The attack also affected many of its communications and sales/distribution networks. The systems seem to have been restored and are now operating normally.

Get more information here

Encrypted Emails on macOS Found Stored in Unprotected Way

Bob Gendler, an Apple IT specialist, has discovered a flaw in macOS computers in which emails that are supposed to be protected with encryption are stored in a .db file unencrypted, rendering the purpose of an encrypted email useless.

To be affected, an individual would have to “be using macOS and Apple Mail, as well as be using Apple Mail to send encrypted emails without using FileVault to encrypt the entire system.”

The flaw brings up the question as to what else is tracked and improperly stored within the operating system. Gendler informed Apple on July 29 regarding this issue, but Apple has yet to resolve or address it.

Read more here

Google Asks Three Mobile Security Firms to Help Scan Play Store Apps

Google has had a long history of battling malicious applications in its Play Store. To help maintain a safer and more cyber-conscious app environment, Google has partnered with three cybersecurity firms — ESET, Lookout, and Zimperium — to start a new project called the App Defense Alliance.

The App Defense Alliance aims to improve the security scans that Android apps go through before being published on the Play Store by utilizing various malware and threat detection engines.

Typically, when an app developer applies to be listed on the Play Store, the app is scanned using Google Play Connect and a Google-internal system called Bouncer. While these systems have caught numerous malicious applications, it hasn’t been perfect. Many malicious actors have developed mitigations to get past Bouncer and Play Protect scans, such as using a multi-stage delivery system.

In Google’s announcement, the company states that it is “integrating [its] Google Play Protect detection systems with each partner’s scanning engines” and “this will generate new app risk intelligence as apps are being queued to publish.”

As malicious applications are becoming more common, these additional processes appear to be a correct step in the never-ending process of battling trojans and other malware threats.

Read more here