Microsoft Power Pages misconfigurations exposing sensitive data

November 15, 2024 at 01:39AM Misconfigured Microsoft Power Pages websites are exposing sensitive data of millions, including personal identifiable information (PII), due to lax access controls. Aaron Costello of AppOmni highlights significant leaks, such as one affecting 1.1 million NHS employees. Organizations must enhance security measures for external-facing sites to prevent data breaches. … Read more

Microsoft Power Pages Leak Millions of Private Records

November 14, 2024 at 08:09AM Misconfigured access controls in Microsoft Power Pages are exposing millions of sensitive records online, as many sites fail to implement necessary security measures. This widespread issue affects various industries, allowing unauthorized access to personal data, including that of 1.1 million NHS employees. Awareness exists, but negligence persists among developers. … Read more

Incident Response, Anomaly Detection Rank High on Planned ICS Security Spending

November 12, 2024 at 07:05AM The SANS State of ICS/OT Cybersecurity 2024 report reveals insights from 530 professionals on current and planned technologies in critical infrastructure. Key current technologies include access controls and backup tools, while future focus areas include ICS-specific training and metrics. Increasing investment in less-deployed technologies like SBOM and SOAR is noted. … Read more

Thousands of ServiceNow KB Instances Expose Sensitive Corporate Data

September 18, 2024 at 01:42PM ServiceNow’s enterprise knowledge bases (KBs) continue to expose sensitive corporate data, despite last year’s security improvements. AppOmni’s research found 45% of instances leaked internal data due to outdated configurations and misconfigured access controls. ServiceNow acknowledged the issue and identified changes but encountered challenges protecting KBs due to internal and external … Read more

Google Cloud Document AI flaw (still) allows data theft, despite bounty payout

September 17, 2024 at 04:24PM Google Cloud’s Document AI service has a vulnerability that could be exploited by attackers to access and steal sensitive data from Cloud Storage buckets. Despite being reported, Google has yet to fully address the issue, leaving the attack vector open. The nature of the vulnerability and back-and-forth with Google regarding … Read more

Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information

August 20, 2024 at 01:33AM Cybersecurity researchers warn of vulnerabilities in thousands of Oracle NetSuite e-commerce sites, exposing customer data. A misconfiguration in NetSuite’s SuiteCommerce platform allows attackers to access sensitive information, requiring site administrators to tighten access controls and temporarily take impacted sites offline. Another disclosure details a way to manipulate credential validation in … Read more

Thousands of Oracle NetSuite E-Commerce Sites Expose Sensitive Customer Data

August 16, 2024 at 12:41PM Widespread misconfiguration in Oracle NetSuite’s SuiteCommerce ERP platform has exposed customer data on thousands of websites. The issue, uncovered by AppOmni, allows unauthorized access to sensitive data due to misconfigured access controls on custom record types. NetSuite urged customers to review their security settings, as SaaS security programs need more … Read more

New Mindset Needed for Large Language Models

May 23, 2024 at 10:08AM The commentary highlights the growing use of large language models (LLMs) and the associated security risks. An incident involving a compromised chatbot raises concerns about the potential exploitation of LLMs for extracting sensitive data. The author provides best practices for securing LLMs, emphasizing the need for proactive monitoring, hardened prompts, … Read more

Security Teams & SREs Want the Same Thing: Let’s Make It Happen

May 8, 2024 at 10:06AM Security teams and SREs share common priorities including access controls, network design, observability, releases, incident response, and eliminating toil. They also have differences such as error budgets, measuring challenges, and compliance. To optimize organizational efficiency, collaboration, respect, and choosing each other’s priorities are key to leveraging their shared interests and … Read more

The Psychological Underpinnings of Modern Hacking Techniques

May 2, 2024 at 03:35PM Summary: The landscape of cybersecurity involves psychological tactics alongside technological defenses. The MGM Casino hack exemplifies the evolution of social engineering, demonstrating sophisticated strategies that leverage psychological manipulation. The incidents highlight the human element as an exploitable vulnerability, emphasizing the need for security awareness training, strict access controls, and verification … Read more