2.3B Files Currently Exposed via Online Storage

Posted on May 31st, 2019 by Responsible Cyber

Digital Shadows researchers scanned various online file-sharing services and concluded the number of exposed files is up 50% from March of 2018. More than 2.3 billion files are exposed across misconfigured online file storage technologies, marking an increase of 750 million files – or a 50% jump – from 1.5 billion in March 2018. Researchers […]

Read More

IT services giant HCL left employee passwords, other sensitive data exposed online

Posted on May 23rd, 2019 by Responsible Cyber

IT services giant HCL left employee passwords exposed online, as well as customer project details, and other sensitive information, all without any form of authentication, research by security consultancy UpGuard reveals. An HCL human resources portal published new employee names, usernames and clear text passwords. “The most sensitive stuff was on an HR portal and […]

Read More

Account Hijacking Forum OGusers Hacked — Krebs on Security

Posted on May 23rd, 2019 by Responsible Cyber

Ogusers[.]com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users. On May 12, the administrator of OGusers explained an outage […]

Read More

PoC Exploit For Unpatched Windows 10 Zero-Day Flaw Published Online

Posted on May 23rd, 2019 by Responsible Cyber

An anonymous hacker with an online alias “SandboxEscaper” today released proof-of-concept (PoC) exploit code for a new zero-day vulnerability affecting Windows 10 operating system—that’s his/her 5th publicly disclosed Windows zero-day exploit [1, 2, 3] in less than a year.Published on GitHub, the new Windows 10 zero-day vulnerability is a privilege escalation issue that could allow […]

Read More

Third Parties in Spotlight as More Facebook Data Leaks

Posted on April 6th, 2019 by Responsible Cyber

Two third-party services left Facebook user data exposed online — in one case, 540 million records of user comments — highlighting the ease with which third-party developers can access data and the risk of lax security. A Mexican media company’s unprotected Amazon S3 container exposed more than 540 million records of Facebook users’ comments and […]

Read More

Annual Protest Raises $250K to Cure Krebs — Krebs on Security

Posted on April 6th, 2019 by Responsible Cyber

For the second year in a row, denizens of a large German-language online forum have donated more than USD $250,000 to cancer research organizations in protest of a story KrebsOnSecurity published in 2018 that unmasked the creators of Coinhive, a now-defunct cryptocurrency mining service that was massively abused by cybercriminals. Krebs is translated as “cancer” […]

Read More

Critical Magento SQL Injection Vulnerability Discovered – Patch Your Sites

Posted on March 30th, 2019 by Responsible Cyber

If your online e-commerce business is running over the Magento platform, you must pay attention to this information.Magento yesterday released new versions of its content management software to address a total of 37 newly-discovered security vulnerabilities.Owned by Adobe since mid-2018, Magento is one of the most popular content management system (CMS) platform that powers 28% […]

Read More

Critical Magento SQL injection flaw could be targeted by hackers soon

Posted on March 29th, 2019 by Responsible Cyber

The Magento content management system used by thousands of online shops has received fixes for several serious vulnerabilities, including an unauthenticated SQL injection flaw that’s likely to soon become a target for attackers. Magento, an Adobe-owned company since 2018, released security patches for 37 security issues affecting both the commercial and open-source versions of its […]

Read More

Two Found Guilty in Online Dating, BEC Scheme

Posted on March 24th, 2019 by Responsible Cyber

Cybercriminals involved in the operation created fake online dating profiles and tricked victims into sending money to phony bank accounts. Two men have been found guilty for their roles in a fraud operation in which cybercriminals spoofed emails, built fake online dating profiles, and fooled victims into sending them money. Nigerian citizen Olufolajimi Abegunde and […]

Read More

Ad Network Sizmek Probes Account Breach — Krebs on Security

Posted on March 14th, 2019 by Responsible Cyber

Online advertising firm Sizmek Inc. [NASDAQ: SZMK] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. In a recent posting to a Russian-language cybercrime forum, an individual who’s been known to sell access […]

Read More