Web Security | SC Media

Web Security

Data management firm exposed client info on open Amazon S3 buckets: researchers

Data from Netflix, TD Bank, Ford and other companies was left exposed for an unknown period of time on publicly configured cloud storage buckets operated by data integration and management company Attunity, according to the research team that discovered the error. A researcher from UpGuard’s Data Breach Research team found the three publicly accessible Amazon…

Pair of vulnerabilities could have enabled takeover of EA gamer accounts

Prolific video game developer Electronic Arts Inc. (aka EA Games) has reportedly patched a pair of vulnerabilities that attackers could have exploited to hijack millions of player accounts, access their payment card information and make fraudulent purchases. The first flaw could have allowed actors to hijack an EA Games subdomain, while the other could have…

Federal agencies still using insecure knowledge-based verification for online services

A performance audit of six U.S. government agencies found that four of them are still using knowledge-based questions to verify the identities of individuals applying for federal benefits or services, even though this practice is considered outdated and insecure, especially in light of the 2017 Equifax breach. Knowledge-based verification questions are typically created by credit…

Cyber gangs battle to take down Xbox and PlayStation gaming networks for Christmas.

Gaming industry has become popular target of credential stuffing attacks: study

A company’s recent analysis of credential abuse activity over a 17-month period uncovered roughly 55 billion credential stuffing attack attempts against various online services, roughly 12 billion of which targeted the gaming industry. Researchers at Akamai Technologies revealed the data in their latest State of the Internet/Security report, which specifically focuses on web attacks and…

Apple adds security measures for app, website developers

Apple included a single sign on tool and a new email security feature in iOS 13 that software developers can implement in their apps and websites, the company announced this week at its Worldwide Developers Conference. To facilitate a customer’s ability to sign into an app or website Apple introduced Sign In with Apple. This…

Some of the biggest tech and internet corporations began releasing updated transparency reports.

Reports: Hacking accusations debunked after leak of New Zealand budget plan

Accusations from New Zealand’s Treasury department that someone had hacked the agency’s website and stole budget plans that was later leaked to the public turned out to be premature, after investigators reportedly determined that individuals were able to access the documentation due to website error. After details of a forthcoming budget plan promised by New…

Hacker has designs on Canva data, steals info belonging to 139M users

The graphic design website Canva was hacked last Friday in an data theft incident that reportedly compromised the data of approximately 139 million users. According to an online support page, Sydney-based Canva detected the attack while in progress on May 24, and immediately took action to fix the cause of the breach. Exposed data included…

Mozilla fires up another Firefox update, patching 24 vulnerabilities

The Mozilla Foundation yesterday issued version 67 of its Firefox browser and version 60.7 of Firefox Extended Support Release (ESR), in the process patching 24 vulnerabilities between them, two of them critical. The two most serious flaws consisted of a series of memory bugs found by the browser’s developers and the greater Mozilla community. The first set…

Report: Hacking group wipes content from over 12,000 open MongoDB databases

In less than a month’s time, the “Unistellar” hacking group has reportedly accessed over 12,000 unsecured MongoDB databases and stolen their contents, apparently holding them for ransom. Security researcher Sanyam Jain initially discovered the wiped databases late last month using the BinaryEdge scanning service, according to a BleepingComputer report last Friday. The 12,564 sabotaged databases…

Breach of Stack Overflow’s production systems exposes data on roughly 250 users

An unauthorized party accessed Stack Overflow’s production systems earlier this month and executed privileged web requests that exposed information on roughly 250 public network users, the Q&A website for programmers announced last Friday. Stack Overflow Vice President of Engineering Mary Ferguson said in a May 17 blog post that the intruder exploited a bug in…

Next post in Security News