A Brief Weekly Review of Top Stories that Dominated the Cyberworld

The outgoing week saw a number of events that had long-term effects on the cybersecurity landscape. From Bit Discovery raising a whopping $4mn Series B funding round to a vendor inadvertently disclosing customer information of Mercedes-Benz USA, there were many minor and major incidents that made headlines.

Here’s a brief review of what took place in the outgoing week.   

Bit Discovery Raised $4 Million Series B Funding Round 

Jeremiah Grossman’s Bit Discovery announced it has obtained another $4 million in Series B financing spearheaded by Mighty Capital and return investor Aligned Partners.

Jeremiah Grossman, co-founder and CEO of Bit Discovery, said that enterprises are increasingly viewing attack surface management as vital to vulnerability management, recognizing areas of unidentified risk, M&A processes, IoT device identification, and much more.

Bit Discovery’s founding mission is to help companies comprehend the cruciality of attack surface management. History suggests that companies that let this area lapse have faced huge data breaches, issues with hardware or software licensing, mismanaged M&A activity, and undesirable financial effect due to unconsolidated and ill managed IT infrastructure.

Vendor Inadvertently Revealed Customer Information: Mercedes-Benz USA

Last week, Mercedes-Benz USA said that a vendor inadvertently divulged important personal information relating to its customers.

Initially revealed by the affected vendor on June 11, the incident involved more than 1.6 million records, a vast majority of which include names, addresses, email addresses, phone numbers, and some details on purchased vehicles.

Nevertheless, only “less than 1,000 Mercedes-Benz customers and interested buyers” had what the German luxury carmaker labelled as “sensitive personal information” affected.

The company has started informing those whose additional information was accessible.

Vendor Inadvertently Revealed Customer Information: Mercedes-Benz USA

According to a warning from security vendor Detectify, several large organizations were affected by an authentication bypass in Adobe Experience Manager CRX Package Manager.

The Adobe Experience Manager (AEM) is a content management solution (CMS) used for the creation of websites and mobile applications; it also allows developers to manage marketing content and assets.

Discovered by Detectify Crowdsource community researchers Ai Ho and Bao Bui, the authentication bypass could be abused by threat actors to access the CRX Package Manager, which is used for handling packages on the local AEM installation.

Some of the organizations affected include LinkedIn, MasterCard, Sony’s PlayStation, and McAfee.

Facebook Filed Lawsuits against Four Vietnamese Nationals for Hacking Accounts

Social media giant Facebook announced it had sued four Vietnamese individuals over advertising-related schemes.

According to Facebook, four individuals living in Vietnam hired session/cookie theft systems to compromise the accounts of employees at advertising and marketing agencies, leveraging them to run unlawful ads.

As part of their scheme, the defendants purportedly used a malicious Android application, called “Ad Manager for Facebook,” to take control of the accounts. The app was hosted on Google Play, but it has been eliminated from the storefront.