A MongoDB database was left open on the internet without a password, and by doing so, exposed the personal details and prescription information for more than 78,000 US patients. The leaky database was discovered by the security team at vpnMentor, led by Noam Rotem and Ran Locar, who shared their findings exclusively with ZDNet earlier Read more about Meds prescriptions for 78,000 patients left in a database with no password[…]

Even as Homeland Security officials have attempted to downplay the impact of a security intrusion that reached deep into the network of a federal surveillance contractor, secret documents, handbooks, and slides concerning surveillance technology deployed along U.S. borders are being widely and openly shared online. A terabyte of torrents seeded by Distributed Denial of Secrets Read more about Hack of U.S. Border Surveillance Contractor Is Way Bigger Than the Government Lets On[…]

Millions of PCs made by Dell and other OEMs are vulnerable to a flaw stemming from a component in pre-installed SupportAssist software. The flaw could enable a remote attacker to completely takeover affected devices. The high-severity vulnerability (CVE-2019-12280) stems from a component in SupportAssist, a proactive monitoring software pre-installed on PCs with automatic failure detection and Read more about Millions of Dell PCs Vulnerable to Flaw in SupportAssist software[…]

Google Calendar was down for users around the world for nearly three hours earlier today. Calendar users trying to access the service were met with a 404 error message through a browser from around 10AM ET until around 12:40PM ET. Google’s Calendar service dashboard now reveals that issues should be resolved for everyone within the Read more about Google Calendar was down for hours after major outage[…]

As far back as 2015, major companies like Sony and Intel have sought to crowdsource efforts to secure their systems and applications through the San Francisco startup HackerOne. Through the “bug bounty” program offered by the company, hackers once viewed as a nuisance—or worse, as criminals—can identify security vulnerabilities and get paid for their work. Read more about HackerOne Reveals Which Security Bugs Are Making Its Army of Hackers the Most Bank[…]

The well-known and respected data breach notification website “Have I Been Pwned” is up for sale. Troy Hunt, its founder and sole operator, announced the sale on Tuesday in a blog post where he explained why the time has come for Have I Been Pwned to become part of something bigger and more organized. “To Read more about The Biggest Data Breach Archive on the Internet Is for Sale[…]

On June 6, more than 70,000 BGP routes were leaked from Swiss colocation company Safe Host to China Telecom in Frankfurt, Germany, which then announced them on the global internet. This resulted in a massive rerouting of internet traffic via China Telecom systems in Europe, disrupting connectivity for netizens: a lot of data that should Read more about You won’t guess where European mobile data was rerouted for two hours. Oh. You can. Yes, it was China Telecom[…]

A team at network security outfit vpnMentor was scanning cyber-space as part of a web-mapping project when they happened upon a Graylog management server belonging to Tech Data that had been left freely accessible to the public. Within that database, we’re told, was a 264GB cache of information including emails, payment and credit card details, Read more about Who left a database of emails, credit cards, plain-text passwords, and more open to the web this week? Tech Data, come on down![…]

Google suffered major outages with its Cloud Platform on Sunday, causing widespread access issues with both its own services and third party apps ranging from Snapchat to Discord. As of early Sunday evening, issues had persisted for hours; according to the Google Cloud Status Dashboard, the outages began at roughly 3:25 p.m. ET and were Read more about Major Google Outage Hits YouTube, G Suite, and Third Party Apps Including Discord and Snapchat[…]

All of the current versions of Docker have a vulnerability that can allow an attacker to get read-write access to any path on the host server. The weakness is the result of a race condition in the Docker software and while there’s a fix in the works, it has not yet been integrated. The bug Read more about Docker Bug Allows Root Access to Host File System[…]

In a series of emails seen by ZDNet that the company sent out to impacted users, Flipboard said hackers gained access to databases the company was using to store customer information. Most passwords are secure Flipboard said these databases stored information such as Flipboard usernames, hashed and uniquely salted passwords, and in some cases, emails Read more about Flipboard hacked and open for 9 months – fortunately passwords properly salted and encrypted so not much damage[…]

On May 25th I discovered a non password protected Elastic database that was clearly associated with dating apps based on the names of the folders. The IP address is located on a US server and a majority of the users appear to be Americans based on their user IP and geolocations. I also noticed Chinese Read more about Mysterious Chinese Dating Apps Targeting US Customers Expose 42.5 Million Records Online[…]

The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction Read more about First American Financial Corp. Leaked 885 Million Title Insurance Records[…]

Google admitted Tuesday its paid-for G Suite of cloudy apps aimed at businesses stored some user passwords in plaintext albeit in an encrypted form. Administrators of accounts affected by the security blunder were warned via email that, in certain circumstances, passwords had not been hashed. Hashing is a standard industry practice that protects credentials by Read more about G Suite passwords stored unhashed creds since 2005, and other passwords in plain text for 14 days for troubleshooting[…]

A new device fingerprinting technique can track Android and iOS devices across the Internet by using factory-set sensor calibration details that any app or website can obtain without special permissions. This new technique — called a calibration fingerprinting attack, or SensorID — works by using calibration details from gyroscope and magnetometer sensors on iOS; and Read more about Android and iOS devices impacted by new sensor calibration attack – it’s easy to follow your device everywhere online[…]

Using data provided by BinaryEdge, our scans have found 25,617 Linksys Smart Wi-Fi routers are currently leaking sensitive information to the public internet, including: MAC address of every device that’s ever connected to it (full historical record, not just active devices) Device name (such as “TROY-PC” or “Mat’s MacBook Pro”) Operating system (such as “Windows Read more about Over 25,000 Linksys Smart Wi-Fi routers kept info on who connected to them and are now leaking this[…]

A massive database containing contact information of millions of Instagram influencers, celebrities and brand accounts has been found online. The database, hosted by Amazon Web Services, was left exposed and without a password allowing anyone to look inside. At the time of writing, the database had over 49 million records — but was growing by Read more about Millions of Instagram influencers had their private contact data scraped and exposed on AWS[…]

Last week, Adobe said that older versions of Creative Cloud apps—including Photoshop and Lightroom—would no longer be available to subscribers. This week, some users are getting messages from Adobe warning they could be at “risk of potential claims of infringement by third parties” should they continue to use outdated versions of their apps. The new Read more about Adobe: If You Use Old Apps, You May Be Violating Third-Party Copyrights, highlighting the problem that you don’t own anything in the Cloud[…]

A security flaw in WhatsApp can be, and has been, exploited to inject spyware into victims’ smartphones: all a snoop needs to do is make a booby-trapped voice call to a target’s number, and they’re in. The victim doesn’t need to do a thing other than leave their phone on. The Facebook-owned software suffers from Read more about It’s 2019 and a WhatsApp call can hack a phone: Zero-day exploit infects mobes with spyware[…]

Researchers have found a new way to defeat the boot verification process for some Intel-based systems, but the technique can also impact other platforms and can be used to compromise machines in a stealthy and persistent way. Researchers Peter Bosch and Trammell Hudson presented a time-of-check, time-of-use (TOCTOU) attack against the Boot Guard feature of Read more about New Intel firmware boot verification bypass enables low-level persistent backdoors[…]

A huge MongoDB database exposing 275,265,298 records of Indian citizens containing detailed personally identifiable information (PII) was left unprotected on the Internet for more than two weeks. Security Discovery researcher Bob Diachenko discovered the publicly accessible MongoDB database hosted on Amazon AWS using Shodan, and as historical data provided by the platform showed, the huge cache Read more about Over 275 Million Indian Personal Records Exposed by Unsecured MongoDB Database[…]

The hacker, who goes by the name L&M, told Motherboard he hacked into more than 7,000 iTrack accounts and more than 20,000 ProTrack accounts, two apps that companies use to monitor and manage fleets of vehicles through GPS tracking devices. The hacker was able to track vehicles in a handful of countries around the world, Read more about Hacker Finds He Can Remotely Kill Car Engines, take location and personal data After Breaking Into Fleet GPS Tracking Apps, because default account password is 123456[…]

the addresses and demographic details of more than 80 million US households were exposed on an unsecured database stored on the cloud, independent security researchers have found. The details included names, ages and genders as well as income levels and marital status. The researchers, led by Noam Rotem and Ran Locar, were unable to identify Read more about Unsecured MS cloud database removed after exposing details on 80 million US households[…]

Right on cue, Cisco on Wednesday patched a security vulnerability in some of its network switches that can be exploited by miscreants to commandeer the IT equipment and spy on people. This comes immediately after panic this week over a hidden Telnet-based diagnostic interface was found in Huawei gateways. Although that vulnerability was real, irritating, Read more about Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are – oh no, wait, it’s Cisco again[…]

A vulnerability in the Dell SupportAssist utility exposes Dell laptops and personal computers to a remote attack that can allow hackers to execute code with admin privileges on devices using an older version of this tool and take over users’ systems. Dell has released a patch for this security flaw on April 23; however, many Read more about Dell laptops and computers vulnerable to remote hijacks via Dell admin tool[…]