Identity, Vulnerability Management, Privacy

Misconfigured server leaks OWASP Foundation data

SC StaffApril 2, 2024

A detailed view of a server rack, intricate network of cables ensuring internet connection

(Adobe Stock)

Security Affairs reports that the Open Web Application Security Project Foundation had data from its earliest members exposed as a result of an old Wiki web server misconfiguration.

Only individuals who submitted their resumes to join OWASP between 2006 and 2014 had their personally identifiable information compromised, according to the foundation, which noted that resume submission has no longer been required in its membership process.

Such an incident has prompted OWASP to conduct directory browsing deactivation, immediate web server and Media Wiki configuration issue remediation, and CloudFlare cache clearing, as well as seek the erasure of exposed data from the Web Archive.

Despite the outdated nature of the leaked information, OWASP has committed to inform former members whose data may have been impacted. Individuals still using the phone numbers they listed on the old resumes have also been urged to be mindful of potential phone call, email, and mail scams.

SC Staff

Identity

Better identity threat detection sought by new Semperis ML-based tool

SC StaffMay 1, 2024

SiliconAngle reports that more robust high-risk identity threat discovery and response efforts are being aimed by enterprise identity protection startup Semperis with its new machine learning-based Lightning Identity Runtime Protection identity threat detection and response service.

Network Security

UK cracks down on default passwords for smart devices

SC StaffMay 1, 2024

The UK has become the first country worldwide to prohibit Internet of Things device manufacturers from using default usernames and passwords in their products following the approval of the Product Security and Telecommunications Infrastructure act, which seeks to bolster smart device cybersecurity, The Hacker News reports.

The United States Capitol building is seen at sunrise in Washington

Data Security

FTC urged to probe automakers’ location data sharing practices

SC StaffMay 1, 2024

The Federal Trade Commission has been sought by Sens. Ron Wyden, D-Ore., and Ed Markey, D-Mass., to launch an investigation into major automakers' driver location data sharing practices after a congressional probe showed that only five of 14 car manufacturers required warrants or court orders before allowing law enforcement access to such data, according to The Record, a news site by cybersecurity firm Recorded Future.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Misconfigured server leaks OWASP Foundation data

Related

Better identity threat detection sought by new Semperis ML-based tool

UK cracks down on default passwords for smart devices

FTC urged to probe automakers’ location data sharing practices

Related Events

Identity Resilience: The Missing Piece to Securing Your Identities

Identity security and user experience – there shouldn’t be a trade-off

Detecting the Identity Trojan Horse: The Human Element of Cyber Breaches and its Paradox with Cyber Identity

Get daily email updates