Data broker leaves 600K+ sensitive files exposed online

November 27, 2024 at 01:07PM Over 600,000 sensitive files, including personal criminal histories, were exposed online by SL Data Services in an unprotected database. Security researcher Jeremiah Fowler reported the issue, highlighting risks of phishing and social engineering. Although the database was eventually closed, the exposed information could severely impact individuals and their associates. ### … Read more

Microsoft Power Pages misconfigurations exposing sensitive data

November 15, 2024 at 01:39AM Misconfigured Microsoft Power Pages websites are exposing sensitive data of millions, including personal identifiable information (PII), due to lax access controls. Aaron Costello of AppOmni highlights significant leaks, such as one affecting 1.1 million NHS employees. Organizations must enhance security measures for external-facing sites to prevent data breaches. **Meeting Takeaways:** … Read more

Microsoft Power Pages Leak Millions of Private Records

November 14, 2024 at 08:09AM Misconfigured access controls in Microsoft Power Pages are exposing millions of sensitive records online, as many sites fail to implement necessary security measures. This widespread issue affects various industries, allowing unauthorized access to personal data, including that of 1.1 million NHS employees. Awareness exists, but negligence persists among developers. ### … Read more

MIND Launches “Intelligent” DLP Platform

October 30, 2024 at 09:54PM MIND launched a data loss prevention platform aimed at enhancing data visibility and preventing leaks by using AI for data classification and risk assessment. Founded in 2023, it raised $11 million in seed funding. The platform aims to secure sensitive data across various IT environments, including SaaS and GenAI applications. … Read more

CISA proposes new security requirements to protect govt, personal data

October 22, 2024 at 06:12PM The U.S. Cybersecurity & Infrastructure Security Agency (CISA) proposes new security requirements to protect Americans’ personal and government-related data from adversarial states. Aimed at organizations handling sensitive information, the measures include asset management, vulnerability remediation timelines, and encryption protocols. Public input is encouraged via regulations.gov. Here are the key takeaways … Read more

Cisco confirms ‘ongoing investigation’ after crims brag about selling tons of data

October 15, 2024 at 06:40PM Cisco is investigating a potential data breach following claims from hacker IntelBroker, who alleges they stole and are selling sensitive Cisco files, including source code and credentials. Multiple major companies may be affected. Cisco has not confirmed the breach details, and investigations are ongoing. ### Meeting Takeaways from Cisco Data … Read more

MoneyGram Goes Offline After Vague Cyber Woes

September 24, 2024 at 01:51PM MoneyGram’s payment services are currently down due to a cybersecurity issue, with no clear timeline for resolution. The company informed the public through social media that it’s investigating the issue, involving third-party experts and law enforcement. This raises concerns about the potential exposure of sensitive customer data, making them vulnerable … Read more

Unpacking Slack Hacks: 6 Ways to Protect Sensitive Data with Secure Collaboration

August 26, 2024 at 07:30AM Sensitive data being shared through basic security channels poses risks. Disney’s data breach and other company incidents highlight the need for secure communication tools. SSH Communications Security offers SalaX Secure Collaboration 2024, providing end-to-end encryption, flexible deployment options, and features for data sovereignty, record-keeping, and authentication methods. Learn more about … Read more

Swipe Right for Data Leaks: Dating Apps Expose Location, More

July 22, 2024 at 03:14PM Security researchers from Belgium found that numerous dating apps may compromise users’ privacy by leaking sensitive data and even their exact location. All 15 apps analyzed had vulnerabilities that could be exploited to obtain sensitive user information. Additionally, trilateration techniques were used to pinpoint users’ precise locations, posing potential physical … Read more

Computer maker Zotac exposed customers’ RMA info on Google Search

July 8, 2024 at 06:04PM Zotac, a computer hardware manufacturer, inadvertently exposed customers’ sensitive information through misconfigured web folders holding return merchandise authorization (RMA) data. Google searches with specific parameters revealed personal details such as invoices, addresses, and contact information. Remediation efforts are underway, with data now mostly secured, although still accessible via Google. Customers … Read more