by Paul Ducklin Early disclaimer: this isn’t quite the mother of all data breaches, nor even perhaps a younger cousin, so you can stand down from Blue Alert right away. As far as we can tell, only names, email addresses and employers were leaked in the wrongly shared document. But . . . Read more
Australia has an e-waste problem, and for all the conversations around climate change, energy use, plastics and other ESG matters, it’s surprising that more isn’t said about it. Image: aicandy/Adobe Stock Currently, just 12% of the nation’s computers are recycled, and Australia is the fourth-highest generator of e-waste per capita. . . . Read more
A straight-talking bug report written in plain English by an actual expert – there’s a teachable moment in this cybersecurity story!
Hey, let’s create a text file that lists our security contacts! We’ll call it… security DOT txt.
A six-month investigation by CybelAngel discovered unsecured sensitive patient data available for third parties to access for blackmail, fraud or other nefarious purposes. More than 45 million medical images—and the personally identifiable information (PII) and personal healthcare information (PHI) associated with them–have been left exposed online due to unsecured technology . . . Read more
The group published files stolen from the Brazilian aircraft manufacturer in a ransomware attack last month. Hackers have dumped sensitive company data that was stolen during a ransomware attack last month on aircraft manufacturer Embraer. The compromised data appeared on a new dark web site created to publish leaked information, . . . Read more
The ransomware group pilfered payment-card data and credentials for over a year, before ending with an attack last month that shut down many of the South Korean retailer’s stores.
An offshore Cayman Islands bank’s backups, covering a $500 million investment portfolio, were left unsecured and leaking personal banking information, passport data and even online banking PINs.
Philippines COVID-KAYA app allowed for unauthorized access typically protected by ‘superuser’ credentials and also may have exposed patient data. A platform used by healthcare workers in the Philippines designed to share data about COVID-19 cases contained multiple flaws that exposed healthcare worker data and could potentially could have leaked patient . . . Read more
A cloud misconfiguration affecting users of a popular reservation platform threatens travelers with identity theft, scams, credit-card fraud and vacation-stealing. A widely used hotel reservation platform has exposed 10 million files related to guests at various hotels around the world, thanks to a misconfigured Amazon Web Services S3 bucket. The . . . Read more