ISPs underestimate value of security, core demand for 71% of enterprises

There is a disconnect between how much enterprises care about Internet security and what service providers think these customers value according to a new survey by the Internet Society (IS). The survey showed 71 percent of respondents stating that security was a core value for their organisation. Asked about specific threats, enterprise respondents ranked traffic routing, interception, and hijacking […]

Tarte Cosmetics breach exposes nearly 2 million customers

Here’s one case where you might say the crime was worse than the cover-up. Make-up company Tarte Cosmetics exposed the personal information of nearly 2 million online customers after two of its online MongoDB databases were misconfigured for public access, according to researchers from MacKeeper’s Kromtech Security Center. Even worse, a known cybercriminal group dropped a ransom […]

Unsecured AWS server exposed classified military intel

Sensitive military data found on an unsecured Amazon server belonging to the U.S. Army Intelligence and Security Command (INSCOM), a joint Intelligence effort with the NSA, was accessible to the public and included information on project Red Disk, an Army cloud-based intelligence platform, an auxiliary to the Distributed Common Ground System (Army DCGS-A), that failed. […]

Open AWS S3 bucket exposes sensitive Experian and census info on 123 million U.S. households

Another cloud-based data repository, this one belonging to Alteryx, has publicly exposed datasets from the data analytics firm’s partner Experian and the U.S. Census Bureau that contain sensitive personal information on 123 million U.S. households. In what has become an alarmingly regular occurrence, UpGuard disclosed its Director of Cyber Risk Research Chris Vickery had found the […]

Cloud-based docs the new frontier for phishing attacks

Ever on the lookout for a new avenue of attack, cybercriminals had figured out a method of using Google App Scripts to automatically download malware hosted in Google drive to any computer. Google App Scripts, the Javascript development platform used to create stand-alone apps with extensions to the Google Apps SaaS system, has an automatic document sharing […]

Meltdown, Spectre updates aplenty, but the fix is more complicated

A pair of flaws dubbed Meltdown and Spectre that take advantage of the speculative execution performance feature in modern CPUs make the memory of virtually all computers and devices accessible to hackers. “The Meltdown [CVE-2017-5754] and Spectre [CVE-2017-5753 and CVE-2017-5715] exploitation techniques abuse speculative execution to access privileged memory—including that of the kernel—from a less-privileged user process […]

Multiple vulnerabilities including remote execution spotted in WDMyCloud products

A GulfTech researcher spotted multiple vulnerabilities In Western Digital’s MyCloud products, some of which could lead to remote code execution and unauthorized access. The vulnerabilities include unrestricted file uploads, a hardcoded backdoor and several malicious security issues including cross site request forgery, command injection, denial of service and information disclosure flaws, researcher James Bercegay said […]

Open AWS S3 bucket exposes private info on thousands of Fedex customers

In what has become an alarmingly routine occurrence, an unsecured Amazon S3 server – this time affiliated with FedEx – has exposed personal information of tens of thousands of users. Kromtech Security Center researchers came across the exposed information, which included 119,000 scanned documents such as passports, driver’s licenses, security IDs and the like, on an open […]

Celebgate hacker who stole Jennifer Lawrence nudes pleads guilty of breaking into nearly 240 iCloud accounts

A Connecticut man admitted to hacking into the iCloud accounts of prominent females celebrities including “Red Sparrow” actress Jennifer Lawrence and more than 200 others. George Garofano, 26, pleaded guilty to charges stemming from a phishing scheme that allowed him to gain access to the accounts of people in the entertainment industry, according to a Department […]

Social media aggregator LocalBlox leaves 48M records exposed

In the wake of the Facebook- Cambridge Analytica scandal, social media data aggregation firm LocalBlox left an AWS bucket misconfigured revealing 48 million records gleaned from publicly available data on Facebook, LinkedIn and Twitter profiles UpGuard Cyber Risk Team researchers identified the exposed data including names, physical addresses, job histories, and dates of birth of users across the various […]