Cyber Updates – 14/01

Cyber Updates – 14/01

Hey all,
Here are this week’s cyber updates.
(1) I’m pretty sure most of you are aware of Google Chrome’s (as well as other browser’s) auto fill feature. This feature allows Chrome to automatically fill your personal information in websites in order to speed up registration processes.
What most of you don’t know is that hidden fields are auto-filled, and thus submitted to the website’s owner. This allows the website to collect personal information without the user’s consent.
If you didn’t understand this one, please let me know and I’ll send you a link to another website, with an example of stealing your credit card info J
(2) Cellebrite, the Israeli-based company that allegedly helped the FBI to hack the iPhone, was hacked.
The my.Cellebrite database has been hacked, allowing the hackers to extract over 900GB of customers’ data.
(3) The Brazilian government has accidentally twitted a link to a Google Drive Excel spreadsheet, which contained a list of plain text passwords for social media accounts (Facebook, Gmail, Twitter, Instagram and more).
It appears as if the tweet contained by accident a copy-paste link to the spreadsheet instead of the intended URL.
They really should be more careful with their tweets, but more than that, I couldn’t help but wonder why they didn’t enforce any permissions on Google Drive…
Stay tuned for more updates,
Dan Gurfinkel
Head of Offensive Security & Response Unit
Comsec by HUB Security logo
We are sorry to hear you have a problem, but we are here to help!

Our Hot Line is ready to provide
immediate assistance 24/7

Calling from Israel?

+972 747047472

Calling from anywhere else?

+31202170634

Comsec by HUB Security logo

We are sorry to hear you have a problem, but we are here to help!

Our Hot Line is ready to provide immediate assistance 24/7

Skip to content