Meta and SQL Server make strange bedfellows on a couch of cyber-pain

June 24, 2024 at 04:38AM The IT world’s diverse issues converge on the importance of software and services supply chain integrity. Despite its critical role, end-of-life database software receives inadequate attention, contrasting with the prominent AI and cybercrime coverage. Parallels are drawn with the food standards regulatory system, advocating for a similar approach to software …

Physical security biz exposes 1.2M files via unprotected database

May 7, 2024 at 06:35AM UK-based physical security business Amberstone Security exposed nearly 1.3 million documents, including pictures of guards and suspected offenders, through a misconfigured public database. The exposed data raised concerns about personal privacy, public safety, and the integrity of security operations. After notification, Amberstone revoked public access to the database and initiated …

A Database-Oriented Operating System Wants to Shake Up Cloud Security

March 25, 2024 at 05:37PM DBOS is an operating system that utilizes a relational database, aiming to minimize expenses, streamline application creation, and uphold cybersecurity and data integrity. Based on the meeting notes, the key takeaways are: 1. The operating system, DBOS, uses a relational database natively. 2. The primary goals are to reduce cost, …

Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin

February 26, 2024 at 10:21AM A critical SQL injection vulnerability in the Ultimate Member WordPress plugin with 200,000 installations allowed unauthenticated attackers to extract sensitive data by appending SQL queries. The flaw, tracked as CVE-2024-1071, was assigned a CVSS score of 9.8. The issue was resolved in the Ultimate Member version 2.8.3 on February 19. …

What’s worse than paying an extortion bot that auto-pwned your database?

January 17, 2024 at 10:10AM The Border0 security researchers have identified a malicious extortion bot targeting publicly exposed PostgreSQL and MySQL databases with weak passwords. This bot autonomously wipes out vulnerable databases and leaves a ransom note, claiming to back up the data when in reality it only saves a small portion. It has managed …

Celebrities Found in Unprotected Real Estate Database Exposing 1.5 Billion Records

December 21, 2023 at 10:09AM An unprotected database belonging to Real Estate Wealth Network was left accessible online for an unknown duration. Discovered by Jeremiah Fowler, the 1.16TB database contained 1.5B records, including property, tax, ownership, and personal information of millions, including celebrities and politicians. Real Estate Wealth Network responded by blocking public access and confirming ownership. Fowler warns …

Nearly a million non-profit donors’ details left exposed in unsecured database

December 13, 2023 at 05:31AM Close to a million records containing personally identifiable information of donors to non-profits were exposed in an online database owned by DonorView, provider of a fundraising platform for schools, charities, and religious institutions. The exposed data included donor names, addresses, phone numbers, emails, and payment methods, raising concerns about potential …

Irish cops data debacle exposes half a million motorist records

October 24, 2023 at 06:10AM A third-party contractor running a database without password protection exposed over 500,000 records related to vehicle seizures by the Irish National Police. The exposed data includes scanned identity documents and incident summary reports containing names and details of drivers and officers. The database is owned and operated by an unnamed …