Welcome to the seventh edition of the Secjuice Squeeze, where we present a selection of last weeks interesting infosec articles curated for your reading enjoyment in case you missed them! This week's volume was created by Miguel Calles, Manmeet Singh Bhatia and Guise Bule. The whole team here at Secjuice wish you a good start to the new decade.

California's Privacy Act Now in Effect

The California Consumer Privacy Act (CCPA) went into effect January 1, 2020. It is similar in ilk to the European Union’s General Data Protection Regulation (GDPR). The CCPA requires businesses to disclose what it does with its customer data if it buys or sells data on "at least 50,000 California residents each year." The act empowers consumers to be able to request a business to delete all its personal data. The GDPR compliance concerns and issues might be a foreshadow of what is coming for CCPA.

https://www.theverge.com/2019/12/31/21039228/california-ccpa-facebook-microsoft-gdpr-privacy-law-consumer-data-regulation

The CCPA goes into effect January 1 but still isn’t quite finished
Just like the GDPR, it’s not totally clear what it means to be compliant with the CCPA

Starbucks API Keys Found in GitHub

Starbucks uses JumpCloud as its Active Directory management platform. On October 17, 2019, Vulnerability hunter Vinoth Kumar reported a security vulnerability to Starbucks via HackerOne. Kumar discovered a JumpCloud API key in GitHub. Starbucks quickly revoked the keys.

https://www.bleepingcomputer.com/news/security/starbucks-devs-leave-api-key-in-github-public-repo/

Starbucks Devs Leave API Key in GitHub Public Repo
One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users.

2019 Was A Hot Mess For Cybersecurity, But 2020 Shows Promise

I thought this article was an excellent synopsis of the past year in cybersecurity and a solid outlook on the year ahead. It was written by Zack Whittaker, the Security Editor at TechCrunch and the publisher of a fantastic weekly newsletter called ThisWeekInSecurity. Zack has fantastic visibility into the comings, goings and events in the cybersecurity space, his Security Predictions article is well worth checking out.

https://techcrunch.com/2020/01/04/cybersecurity-predictions-2020/

2019 was a hot mess for cybersecurity, but 2020 shows promise

A cyber attack is on its way.

Soon after news broke out of the US airstrike on Iran, the digital space has been a little nervy. It would be not far-fetched to say a retaliation could be seen in the form of a cyber attack. Read all about it on these channels:

https://www.washingtonpost.com/technology/2020/01/03/cyber-attack-should-be-expected-us-strike-iranian-leader-sparks-fears-major-digital-disruption/
https://www.nbcnews.com/tech/security/iran-strike-puts-u-s-cybersecurity-experts-alert-n1110256

Iran strike puts U.S. cybersecurity experts on alert
Cybersecurity professionals across the U.S. expressed a mixture of concern and caution Friday, with many explicitly saying that they are gearing up for potential retaliation from Iran.


The awesome image used in this article is called "Scrambled eggs nightmare" and was created by Alexander Dolnikov.