Amazon isn't saying how many customers had their names and email addresses exposed due to a data leak caused by an unexplained technical error.

Credit: Elliott Brown from Birmingham, United Kingdom (Amazon - Patent Drive, Wednesbury - sign)

Right before Thanksgiving and some of the biggest shopping days of the year, Amazon sent emails to affected customers, revealing that it had “inadvertently disclosed your name and email address due to a technical error.” The lackluster email caused some people to worry it might be a phishing attack.

Amazon failed to say how many people were affected by the data exposure or what the technical error actually was; instead, Amazon claimed the issue was fixed and impacted customers were notified.

More cybersecurity news

Security hole leads to data exposure of 60 million USPS customers

First we had a U.S. Secret Service warning saying the U.S. Postal Service’s Informed Delivery service was being abused by identity thieves. Now Brian Krebs says the USPS closed a security hole in the API for “Informed Visibility” that exposed data on 60 million users.

Multiple flaws in TP-Link routers

Speaking of security holes, Cisco Talos Intelligence disclosed four vulnerabilities in TP-Link’s TL-R600VPN routers, including a remote code execution hole.

Linux servers targeted with non-IoT Mirai variants

Botmasters are branching out from routers, security cameras, and other Internet of Things (IoT) devices and are now trying to use a Hadoop vulnerability to target Linux servers with Mirai variants. Netscout said, “This is the first time we’ve seen non-IoT Mirai in the wild.”

Ghostscript flaw

The Ghostscript interpreter used to process PDF files and postscripts, which ships with most Linux distributions and is commonly used by sites, services, apps, and cloud platforms, has a remote code execution flaw (pdf).
The vulnerability discovered by Semmle is a variant of the critical vulnerability discovered by Google Project Zero’s Tavis Ormandy in August.

DirtyCOW and backdoor into Drupal servers

Do you use Drupal? Imperva researchers spotted a campaign using DirtyCOW, Drupalgeddon2 and system misconfigurations to “persistently infect vulnerable Drupal web servers and take over user machines.”

Facebook and LinkedIn privacy fails

Facebook may be facing more woes as the British Parliament seized a cache of internal Facebook documents to determine the truth of Facebook’s data and privacy control decisions.

LinkedIn is also in hot water, as Ireland’s Data Protection Commissioner found (pdf) that “LinkedIn’s practices leading up to GDPR implementation in Europe were not only uncanny, but actually violated data protection rules, in LinkedIn’s case concerning some 18 million email addresses.”

U.S. government security and privacy fails

A recent audit found that the IRS failed to apply consumer protections for victims of at least 89 data breaches, leaving at least 11,406 U.S. taxpayers unprotected.

In addition, Sen. Ron Wyden (D-Ore.) pointed out that the public has waited decades for the Department of Defense (DoD) to be audited as is required by law. Now it has been revealed that the DoD failed its first-ever full-scale audit.

Irony

Japan’s cybersecurity minister, who admitted to not using computers, has now admitted that he’s “not that familiar” with cybersecurity matters. Japan’s head honcho for cybersecurity said his main job “is to read out written replies (prepared by bureaucrats) without making any mistakes.”

Meanwhile in North Korea, whose government-sponsored hacking group Lazarus has allegedly stolen $571 million of the $882 million total in crypto heisted from online exchanges:

North Korea is hosting a conference on blockchain and cryptocurrency next year. Organizers say U.S. citizens are welcome to attend despite the travel ban.
@nknewsorg @ColinZwirko @OliverHotham https://t.co/4ORhrbhQWH — CSIS Korea Chair (@CSISKoreaChair) November 21, 2018

Surveillance

The social credit system Citizen Score is part of China’s over-the-top surveillance. Now, apparently, the U.S. Department of Homeland Security (DHS) is taking a page from China with its new credit score-checking proposal. Slate revealed, “The agency charged with safeguarding the nation would like to make immigrants submit their credit scores when applying for legal resident status.”

Speaking of surveillance, Google’s new patents reveal that the search giant wants to data mine your bedroom: “Google wants to scan your clothing and listen to you brush your teeth.”

While letting Google into your bedroom is optional, some people with health disorders are already under “secret” surveillance in their bedrooms. Millions of people with sleep apnea use CPAP breathing machines, and ProPublica explained that health insurance companies, starting with Medicare, use surveillance, without users’ knowledge, to keep track of how long the machines are used each night. If a user fails to comply by using the device for the required time period, insurers can deny payment.

Others argue we will invite surveillance by agreeing to be microchipped.

Shop smart

When shopping, be sure to shop smart. Be aware of internet-connected devices that could allow hackers to watch you.