Database security news, articles & updates | SC Media

Database security

MongoDB hacker threatens to report breach to GDPR

A hacker who uploaded ransom notes on nearly 23,000 MongoDB databases left exposed online without passwords has given his potential victims until tomorrow to pay a $140 ransom, or he may report the breach to local GDPR authorities. According to a recent ZDNet story, the hacker used an automated script to scan for misconfigured MongoDB databases, effectively…

BMW issues security patch for bug allowing attackers physical access into vehicles

BMW customer database for sale on dark web

A database of 384,319 BMW car owners in the U.K. is being offered for sale on an underground forum by the KelvinSecurity Team hacking group, according to KELA, a darknet threat intelligence firm, based in Tel Aviv. The hacking group, which last week tried to sell databases related to U.S. business consulting firm Frost & Sullivan,…

OneClass unsecured S3 bucket exposes PII on more than one million students, instructors

An unsecured database belonging to remote learning platform OneClass has exposed information associated with more than a million students in North America who use the platform to access study guides and educational assistance. “By not securing its users’ data, OneClass has created a goldmine for criminal hackers, jeopardizing the privacy and security of over a million…

Frost & Sullivan employee, customer data for sale on dark web

A group is hawking records of more than 12,000 Frost & Sullivan employees and customers on a hacker folder. “The breach occurred to a misconfigured backup directory on one of Frost and Sullivan public-facing servers,” Cyble CEO Beenu Arora said in a BleepingComputer report. “The backup directory had its employees and customers records, along with…

Honeypot study: Unsecured database simulation attacked 18x per day on average

Now there’s proof that every random minute counts when a database is left unsecured on the web. In fact, a recent Comparitech experiment led by researcher Bob Diachenko found that hackers attacked a simulation of an unsecured database an average of 18 times per day. In a June 10 blog post, Comparitech Privacy Advocate Paul…

Defending the database

Exposure of 7.4B records at Le Figaro highlights ongoing problems with misconfigured databases

The exposure of 7.4 billion personal information-laden records, including some login credentials, at France’s Le Figaro underscores how unsecured databases persist even in a world hyperaware of privacy and data security. The database, exposed by an unsecured Elasticsearch server and containing more than 8TB of data on reporters, employees and 42,000 of the daily newspaper’s…

Clearview AI source code, facial recognition apps, data exposed

In a familiar refrain, a cloud data bucket was left open, but this time the stakes were high – a misconfigured server exposed the source code, copies of its facial recognition apps as well as private data at controversial startup Clearview AI, which gained unwanted notoriety earlier this year for obtaining billions of photos by scraping the…

Five billion records exposed in open ‘data breach database’

More than five billion records were exposed after an Elasticsearch “data breach database” managed by a U.K.-based security firm and housing a trove of security incidents from the last seven years was left unprotected. “Data was very well structured,” wrote security researcher Bob Diachenko, who discovered the Elasticsearch instance, of the information, which included hashtypes,…

Walgreens mobile app leaked PII, PHI on ‘small percentage’ of customers

A leak in the Walgreens mobile app’s messaging service exposed personal information – including what the company said was “limited health-related data” – on a “small percentage” of customers who used the app between Jan. 9-15. “Fortunately for consumers, the short exposure window of the vulnerability and the specific conditions required should keep the impact…
