Welcome to the seventh edition of the Secjuice Squeeze, where we present a selection of last weeks interesting infosec articles curated for your reading enjoyment in case you missed them! This week's volume was created by Miguel Calles, Manmeet Singh Bhatia and Guise Bule. The whole team here at Secjuice wish you a good start to the new decade.
California's Privacy Act Now in Effect
The California Consumer Privacy Act (CCPA) went into effect January 1, 2020. It is similar in ilk to the European Union’s General Data Protection Regulation (GDPR). The CCPA requires businesses to disclose what it does with its customer data if it buys or sells data on "at least 50,000 California residents each year." The act empowers consumers to be able to request a business to delete all its personal data. The GDPR compliance concerns and issues might be a foreshadow of what is coming for CCPA.
Starbucks API Keys Found in GitHub
Starbucks uses JumpCloud as its Active Directory management platform. On October 17, 2019, Vulnerability hunter Vinoth Kumar reported a security vulnerability to Starbucks via HackerOne. Kumar discovered a JumpCloud API key in GitHub. Starbucks quickly revoked the keys.
2019 Was A Hot Mess For Cybersecurity, But 2020 Shows Promise
I thought this article was an excellent synopsis of the past year in cybersecurity and a solid outlook on the year ahead. It was written by Zack Whittaker, the Security Editor at TechCrunch and the publisher of a fantastic weekly newsletter called ThisWeekInSecurity. Zack has fantastic visibility into the comings, goings and events in the cybersecurity space, his Security Predictions article is well worth checking out.
A cyber attack is on its way.
Soon after news broke out of the US airstrike on Iran, the digital space has been a little nervy. It would be not far-fetched to say a retaliation could be seen in the form of a cyber attack. Read all about it on these channels: