Misconfiguration leaves thousands of servers vulnerable to attack, researchers find

Simple mistakes and configuration errors are still a major cybersecurity issue, according to security firm Censys.

The post Misconfiguration leaves thousands of servers vulnerable to attack, researchers find appeared first on CyberScoop.


Amazon Web Services finds no ‘significant issues’ at other companies allegedly breached by Paige Thompson

If the alleged Capital One hacker also took information from dozens of other companies, as investigators suspect, then Amazon Web Services isn’t aware of it, according to the cloud computing giant. The company outlined its findings in a letter to Sen. Ron Wyden, D-Ore., who had sought more detail on how a reported misconfiguration in Capital One’s AWS server would have made it possible for a single individual to steal information about more than 100 million people. The letter said AWS is not aware of any breaches at other “noteworthy” customers, cautioning that there “may have been small numbers of these that haven’t been escalated to us.” This follows court filings indicating government investigators are probing whether the accused hacker, Paige Thompson, also took data from more than 30 other companies, along with Capital One. Wyden asked whether any vulnerabilities in the AWS cloud service — which serves millions of customers – contributed to the […]

The post Amazon Web Services finds no ‘significant issues’ at other companies allegedly breached by Paige Thompson appeared first on CyberScoop.


What’s in YOUR Wallet? A Tepid Defense of Capital One

It started with an e-mail to a Capital One “responsible disclosure” email address early Wednesday, July 17, at 1:25 a.m. The note was short and cryptic. It simply said that “there appears to be some leaked s3 data of yours on someone’s github/gist.” T…

‘Gold mine’ of customer loan, tax and other records exposed on open server

A massive store of data that includes loan agreements, payment schedules, tax documents and other financial records was openly accessible on a public server until recently, according to security researcher Bob Diachenko and TechCrunch. The data, totaling about 24 million records, was being stored on an unsecured server by Ascension Data and Analytics, a company that sells various technical services to the financial industry, according to Diachenko. The researcher said he worked with TechCrunch reporter Zack Whittaker to track the data to Ascension. Diachenko wrote in a blog post published Wednesday that he notified Ascension after making the discovery on Jan. 10, and that the data was secured by Jan. 15. The report says the 51 gigabytes’ worth of data on the server consisted of individual pages of documents that were submitted by financial institutions for optical character recognition – the conversion of handwritten text into machine-readable text. Some of the documents dated as far back as 2008. Some, not all, […]

The post ‘Gold mine’ of customer loan, tax and other records exposed on open server appeared first on CyberScoop.


Misconfigured server exposed half of Brazilian taxpayer ID numbers: report

A database containing personally identifying information of 120 million Brazilian citizens and residents was accessible on the open web for some time, according to a report published Tuesday by cybersecurity company InfoArmor. The records reportedly contained the Cadastro de Pessoas Físicas (CPF) — a counterpart to Social Security numbers — of more than half of Brazil’s population of 210 million. The unprotected CPFs were linked to people’s basic contact information, financial accounts, credit and debit history, voting history, family relations and more, InfoArmor says. The company’s researchers say they encountered the openly accessible HTTP server in March 2018 while scanning the web for compromised machines. Within the database, the file “index.html” had been renamed to “index.html_bkp,” which the report says made it visible to the public. Anyone who knew what they were looking for could have found it, InfoArmor says. While the data wasn’t discovered as part of a breach, the researchers caution […]

The post Misconfigured server exposed half of Brazilian taxpayer ID numbers: report appeared first on CyberScoop.


Data about 57 million people exposed by Elasticsearch servers

A data breach involving Elasticsearch search-engine technology exposed the personal information of nearly 57 million people for at least two weeks, according to a report released Wednesday by the cybersecurity organization Hacken. The breach exposed 73 gigabytes of data as early as Nov. 14, Hacken said, including the names, employers, job titles, emails, addresses, phone numbers and IP addresses of 56,934,021 U.S. residents. There was a separate cache of data titled “Yellow Pages,” the report said, with 25 million records about businesses, including information such as names, company details, zip addresses, latitude/longitude, census tract, phone numbers, web addresses, emails, revenue numbers and more. Hacken said it was unclear where the leak originated, but the formatting of the data appeared to have similarities to fields used by Canadian data management company Data & Leads. The database is no longer exposing information to the public, Hacken said. Elasticsearch is an open-source tool intended to allow users to search data stored in private networks. The […]

The post Data about 57 million people exposed by Elasticsearch servers appeared first on CyberScoop.


Researcher finds trove of political fundraising, old voter data on open internet

A consulting firm that works with Democratic campaigns unknowingly left sensitive fundraiser information and credentials to old voter record databases open on the internet, according to a report published on Wednesday. Cybersecurity company Hacken says it discovered an unprotected Network Attached Storage (NAS) device managed by Rice Consulting, a Maryland firm that provides fundraising and mass communication to Democratic clients. Authentication was reportedly disabled on the NAS, and Hacken says that it was indexed by Shodan, an Internet-of-Things search engine. With its contents publicly accessible, the NAS revealed details about Rice Consulting’s clients as well as details about “thousands of fundraisers,” Hacken says. Those details include names, phone numbers, emails, addresses and companies. There were apparently also contracts, meeting notes, desktop backups and employee details. Rice Consulting did not respond to an email request for comment on the Hacken report. When CyberScoop called the firm, the person who answered said […]

The post Researcher finds trove of political fundraising, old voter data on open internet appeared first on CyberScoop.
