misconfiguration

Cyber Security Roundup for September 2020

Cyber Security Roundup for September 2020

| | adobe, CREST, cyber security roundup, Hackers, Microsoft, misconfiguration, NCC, NCSC, patching, Phishing, SANS, Travelex, Uber
A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, August 2020.Taking security training courses and passing certification exams are ...
IT Security Expert Blog
Cyber Security Roundup for May 2020

Cyber Security Roundup for May 2020

| | Cloud Security, Cognizant, cyber security roundup, Emotet, google, Huawei, Maze, Microsoft, misconfiguration, nintendo, patching, Ransomware, rEvil, sophos, Travelex, VMware
A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2020.As well reported, UK foreign exchange firm Travelex business ...
IT Security Expert Blog

10 Security Blunders that should stay in 2019

| | incident management, misconfiguration, Password Security, patching, Security Awareness
Cyber attacks are inevitable, regardless of the size of a business or the sector it operates in. Cyber criminals will try their luck with any business connected to the internet. But as ...
IT Security Expert Blog
Misconfigured ElasticSearch Cluster Exposed Over 90 Million Records

Misconfigured ElasticSearch Cluster Exposed Over 90 Million Records

| | elasticsearch, IT Security and Data Protection, Jiangsu, Latest Security News, misconfiguration
A security researcher found a misconfigured ElasticSearch cluster that exposed over 90 million personal and businesses data records. On 1 July, GDI Foundation member and an independent security researcher Sanyam Jain found ...
The State of Security
Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners

Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners

| | Application Security, cryptocurrency, Data Security, DEVOPS, Docker, misconfiguration, rce, remote API, Remote Code Execution, Research & Reports, server host, Virtualization
Docker is a technology that allows you to perform operating system level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy and run applications inside containers ...
Blog
Apple Fixes MacOS High Sierra Root Access Vulnerability

Apple Fixes MacOS High Sierra Root Access Vulnerability

| | Amazon S3, Apple, authentication bypass, blank password, cloud leak, credential validation failure, Data leak, INSCOM, macOS High Sierra, misconfiguration, nsa, Red Disk, root access, root password, storage bucket, third-party vendor, virtual appliance, vulnerability
Apple has released an emergency fix for an embarrassing vulnerability that allowed people to access the highest privileges account on Mac computers without a password. The vulnerability was disclosed by a user ...
cloud

Insecure Storage Buckets Expose 1.8 Billion Online Posts Scraped for U.S. Military

| | Amazon S3, CENTCOM, Data leak, insecure configuration, intelligence gathering, military, misconfiguration, PACOM, permission control, public access, storage bucket, VendorX
A Pentagon contractor left three storage buckets publicly accessible on Amazon’s S3 service, exposing more than 1.8 billion online posts collected since 2009. The messages, posted by people from around the world, ...
DAM

All of Yahoo’s 3 Billion Accounts Compromised in 2013

| | Apache Tomcat, Data breach, elasticsearch, misconfiguration, National Football League, Remote Code Execution, vulnerability, Yahoo
The massive data breach announced by Yahoo in December was believed to have affected around 1 billion accounts, but it turns out it actually affected the company’s entire user base of around ...
web

Like Equifax, Thousands of Companies Use Vulnerable Apache Struts Versions

| | Amazon S3, Apache Struts, APT33, cyberespionage, Data leak, data wiper, Equifax, Iran, Malware, misconfiguration, patch management, S3 bucket, software components, Software Development, Viacom, vulnerability
U.S. credit monitoring bureau Equifax has been heavily criticized for its failure to patch a known critical vulnerability in the Apache Struts web development framework, an oversight that led to a massive ...