misconfiguration – Page 14 – WindowsTechs.com

Open .Git Directories Leave 390K Websites Vulnerable

Posted on September 7, 2018 by Tara Seals

An exhaustive scan shows hundreds of thousands of websites potentially exposing sensitive data such as database passwords, API keys and so on. Continue reading Open .Git Directories Leave 390K Websites Vulnerable→

Access misconfiguration opens 3D printers to remote attacks

Posted on September 5, 2018 by Zeljka Zorz

Spurred by a report coming from a regular reader, SANS ISC handlers Richard Porter and Xavier Mertens searched for OctoPrint interfaces for 3D printers exposed online and found over 3,700 that are accessible without authentication. The danger of public… Continue reading Access misconfiguration opens 3D printers to remote attacks→

Smart homes can be easily hacked via unsecured MQTT servers

Posted on August 20, 2018 by Zeljka Zorz

The Internet of Things is full of security holes, and the latest one has been pointed out by Avast researcher Martin Hron: unsecured MQTT servers. What is MQTT? The Message Queuing Telemetry Transport (MQTT) protocol is a messaging protocol that’… Continue reading Smart homes can be easily hacked via unsecured MQTT servers→

GoDaddy Leaks ‘Map of the Internet’ via Amazon S3 Cloud Bucket Misconfig

Posted on August 13, 2018 by Tara Seals

Configuration data for GoDaddy servers could be used as a reconnaissance tool for malicious actors to uncover ripe targets. Continue reading GoDaddy Leaks ‘Map of the Internet’ via Amazon S3 Cloud Bucket Misconfig→

Public Google Groups Leaking Sensitive Data at Thousands of Orgs

Posted on June 1, 2018 by Tara Seals

The exposed information includes accounts payable and invoice data, customer support emails, password-recovery mails, links to employee manuals, staffing schedules and other internal resources. Continue reading Public Google Groups Leaking Sensitive Data at Thousands of Orgs→

Honda, Universal Music Group Expose Sensitive Data in Misconfig Blunders

Posted on June 1, 2018 by Tara Seals

The Honda mistake affects 50,000 users of the Honda Connect App, while UMG exposed corporate keys to the kingdom. Continue reading Honda, Universal Music Group Expose Sensitive Data in Misconfig Blunders→

TeenSafe Tracking App Exposes Thousands of Private Records

Posted on May 21, 2018 by Tara Seals

Records for a mobile app that parents can use to monitor what their kids are doing online has been exposed in the latest Amazon Web Services cloud misconfiguration. Continue reading TeenSafe Tracking App Exposes Thousands of Private Records→

NameCheap to Notify Customers of Misconfiguration Issue that Allowed Subdomain Creation on Any Hosted Account

Posted on February 7, 2018 by David Bisson

NameCheap has said it intends to notify customers of a misconfiguration issue that allowed customers to create subdomains for any hosted account. Richard Kirkendall, CEO for the ICANN-accredited registrar, said on Twitter that the company is currently … Continue reading NameCheap to Notify Customers of Misconfiguration Issue that Allowed Subdomain Creation on Any Hosted Account→

Top 10 OWASP pt.2 – Application Security Weekly #02

Posted on January 24, 2018 by Paul Asadoorian

This week, Paul and Keith discuss the last of the top ten most critical web application security risks! They discuss security misconfiguration, insecure deserialization, insufficient logging and monitoring, and more on this episode of Application Secur… Continue reading Top 10 OWASP pt.2 – Application Security Weekly #02→

Apple Fixes MacOS High Sierra Root Access Vulnerability

Posted on November 29, 2017 by Lucian Constantin

Apple has released an emergency fix for an embarrassing vulnerability that allowed people to access the highest privileges account on Mac computers without a password. The vulnerability was disclosed by a user Tuesday on Twitter. He noticed that when p… Continue reading Apple Fixes MacOS High Sierra Root Access Vulnerability→