Weekly Roundup: Governments Rack Up Customer Data Demands from Amazon

Today’s Security Roundup includes:

• A 800% increase in demand for Amazon customer data
• Google’s zero-day vulnerability
• Cyberattack on Woodland Trust
• Iran’s bans Signal messaging app
• Spyware fake WhatsApp hacking

While many news agencies, articles and reports take a look back at the year 2020, it’s time to reflect at the current year 2021 – the most anticipated year amid COVID era.

Even with the pandemic in full swing, cybercriminals have spared no chance in carrying out cyberattacks resulting in massive data breaches. Just a few weeks in to 2021, several companies have reportedly been a victim of data breach including Socialarks, Mimecast, Pixlr, Parler, Ubiquiti Inc, VIP Games and many more.

Amazon Reports 800% increase in Government Requests for their User Data

New transparency figures released by Amazon reveal that the company responded to a never witnessed number of government data demands during the last six months of 2020. That user data includes shopping searches and data from its Echo, Fire, and Ring devices.

According to Amazon, the company processed 3,222 demands in the first six months of 2020 and saw a momentous increase of 27,664 requests in the last six months of 2020.

Nearly half of the data requests were made by the German government of which Amazon turned over user data of 52 cases. Keep in mind that the company distinguished requests for Amazon Web Services data separately.

Hackers Are Vigorously Exploiting a Chrome Zero-Day Vulnerability

Google issued a statement warning users of a zero-day vulnerability in its V8 open-source web engine that’s currently being actively exploited by attackers.

Instantly, Google issued a patch to their version 88 of the Chrome browser (88.0.4324.150), fixing the vulnerability on Windows, Mac and Linux devices. According to Google, this update will roll out over the coming days and weeks.

Fortunately, Google auto-installs updates of their browser on your computer. However, it’s better to double-check if your browser is updated with the latest patch.

Woodland Trust Charity Witnesses a High Level Cyberattack

Cybercriminals spare no entity as a UK based charity known for protecting and restoring woodland in the UK has been a victim of a “sophisticated, high level” cyberattack.

The company published a security incident notification on their website stating that attackers gained unauthorized access to the charity’s IT systems in December 2020. The following statement was issued by Woodland Trust:

“We believe the incident took place after 7pm on 14 December,” stated the charity in its security notification. “As soon as we became aware of the incident, we took immediate action to mitigate the impact, appointing a number of third-party experts including forensic IT specialists and legal counsel, to determine the nature of the criminal activity.”

Currently, an investigation is in progress to figure out what, if any, data held by Woodland Trust was compromised. The company spontaneously disconnected their IT systems to prevent any further unauthorized access from taking place. Woodland complies with the GDPR rules and claims that in the event of confirmed data loss, they will identify and inform those affected immediately.

WhatsApp’s Privacy Concerns Spike Signal Downloads

As we move towards globalization, internet restrictions keep on increasing in multiple parts of the world.

Due to ever-increasing WhatsApp privacy concerns, the world witnessed a huge surge in Signal app. This led Iran’s government to block Signal after Iranians flocked to the messaging platform because of WhatsApp’s privacy concerns.

However, developers at Signal have engineered a workaround, putting out instructions for individuals to set up their own TLS proxies that will let people in Iran bypass the blockade. You need a little bit of know-how, but each virtual private server can support hundreds of users at once.

Spyware Vendor Develops a Fake WhatsApp to Trick Targets

The Italian surveillance company, Cy4Gate, has been linked to develop a fake version of WhatsApp. The app was designed to trick iPhone users into installing a fake version of the popular WhatsApp application. The intention of the app was to potentially gather information about specific individuals.

Bill Marczak, a researcher from Citizen Lab made the following statement:

“I think it is targeted, I don’t think they were trying to spread this around.”

This is a clear reminder that iPhone and Android users should stick to official app stores (App Store and Google Play Store). At the same time, users shouldn’t give permissions to apps they don’t trust.