Virtual keyboard app exposes millions of personal records, contact lists through MongoDB database

Security Digest Information security news and advice from TechTarget's network |December 6, 2017 FEATURED STORY Keyboard data leak exposes millions of personal records by Michael Heller, Senior Reporter A keyboard data leak by mobile developer Ai.type exposed millions of personal records through misconfigured MongoDB database settings. (SearchSecurity.com) Advertisement NEWS   Apple High Sierra patch undone by macOS update Apple released a High Sierra patch to fix a serious macOS authentication vulnerability discovered last week, but users could accidentally undo the patch with a routine OS update. (SearchSecurity.com)   Proposed data breach legislation could put executives in jail Democratic senators have proposed data breach legislation that could lead to jail time for some executives who conceal breaches and fail to disclose them to consumers. (SearchSecurity.com)   Risk & Repeat: Uber data breach has implications for infosec In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Uber data breach, which was concealed by company officials, and the ethics of data breach disclosure.  (SearchSecurity.com)   Ex-NSA employee pleads guilty to removing classified data The former NSA employee reportedly responsible for exposing classified data to Russian government hackers pleaded guilty and faces a maximum of 10 years in prison. (SearchSecurity.com)   Leaked NSA Ragtime files hint at spying on U.S. citizens Exposed data included new information on the NSA Ragtime intelligence-gathering program, but it is unclear if the evidence proves Americans were targeted. (SearchSecurity.com)   Yahoo data breach hacker pleads guilty to cybercrime charges One of the Yahoo data breach hackers pleaded guilty to his involvement in the attack. Plus, the FBI failed to notify U.S. officials that they were targets of Fancy Bear, and more.  (SearchSecurity.com) EXPERT ADVICE   Active Cyber Defense Certainty Act: Should we 'hack back'? With the proposal of the Active Cyber Defense Certainty Act, individuals would be able to 'hack back' when information is stolen. Matt Pascucci makes the case against the bill. (SearchSecurity.com)   Is cloud microsegmentation secure enough for enterprise use? The use of cloud microsegmentation in enterprises has been met with some hesitation. Expert Dave Shackleford discusses why there are reservations and what the benefits are. (SearchCloudSecurity.com)   Data breach litigation: What enterprises should know Data breach litigation can be highly detrimental to an organization that just suffered a major security incident. Find out what kinds of legal action enterprises could face in the event of a data breach. (SearchSecurity.com)   PGP keys: Can accidental exposures be mitigated? The accidental publication of an Adobe private key could have put the company in jeopardy. Matt Pascucci explains how it happened and how to better protect PGP keys. (SearchSecurity.com) About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Security Digest, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget Security Media Group, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2017 TechTarget. All rights reserved.