Bitglass Security Spotlight: LinkedIn, Vector, and AWS

LinkedIn security gap exposes users’ data

LinkedIn’s AutoFill functionality was recently discovered to be easily exploitable. The feature allows users to have fields on other websites automatically populated with information from their LinkedIn accounts (for rapid registrations and logins, for example). Researchers quickly realized that this could be exploited by malicious websites that initiate AutoFill, regardless of where visitors click, in order to steal information. 

Vector app reveals customers’ information

New Zealand energy company, Vector, developed an application designed to update users on the status of their power; for example, by providing estimates on when power might return during outages. Unfortunately, the app didn’t provide the functionality that the company originally intended. Additionally, it made all of its users’ information (including home address) accessible to anyone who downloaded the app. 

AWS misconfiguration makes LocalBlox user information public

Another AWS misconfiguration has exposed the personal information of various individuals – 48 million of them. LocalBlox, which gathers information from public online profiles, was recently found to be leaking Twitter, Facebook, and LinkedIn information through an unsecured AWS S3 bucket. Leaked information included email addresses, job histories, and even IP addresses in some cases. 

New malware steals data via powerlines

PowerHammer, a new type of malware, can steal data in a variety of complex, frightening ways. For example, through computers’ power cables. To learn more about the ins and outs of PowerHammer, click here. 

Banking apps deemed the most unsecured

A recent study found that banking applications are typically the most vulnerable type of cloud app. Despite the fact that these services are used by hundreds of millions of people, they consistently hold security flaws that leave them open to the advances of hackers. 

Photo:Security Magazine