Web Security | SC Media

Web Security

Malicious actor holds at least 31 stolen SQL databases for ransom

A malicious cyber actor or hacking collective has reportedly been sweeping the internet for online stores’ unsecured SQL databases, copying their contents, and threatening to publish the information if the rightful owners don’t pay up. The perpetrator has stolen the copied versions of at least 31 SQL databases, which have been put up for sale…

Colorado, Florida & Ohio become latest states to disclose PUA program data leaks

Colorado, Ohio and Florida have become the latest states to disclose the accidental exposure of information belonging to citizens who applied to the federal Pandemic Unemployment Assistance program as a means of seeking some financial security during the ongoing COVID-19 crisis. In all cases, the states said a very limited number of people inadvertently gained…

Device owners demand opt-out power from COVID-19 contact tracing apps

To encourage widespread acceptance of Bluetooth-based COVID-19 contact tracing applications, developers should allow consumers to opt out of data sharing at any time, and they should also be more forthcoming about their security efforts and data usage, according to the results of a new survey. For the study, Checkmarx polled 1,500 Americans and found that…

Low unemployment

Arkansas, Illinois COVID-19 unemployment websites leak data

Arkansas and Illinois both reportedly exposed sensitive citizen data after failing to adequately secure web services that the states urgently propped up in order to process applications for the federal Pandemic Unemployment Assistance program. Experts say the hurried pace of setting up these digital services could very well have resulted in glitches and overlooked gaps…

Data Breach Disclosure

GoDaddy takes seven months to discover data breach

Cybersecurity pros are coming down hard on GoDaddy after the domain registry company reported that an outsider had accessed customer login credentials possibly affecting all 19 million company accounts. GoDaddy informed its customers on May 4 of the breach saying an unauthorized individual accessed the login credentials used to connect to SSH on the hosting…

NintendoSwitch

Resellers reportedly using bots to buy up in-demand Nintendo Switches

Consumers sheltering in place at home who were hoping to order a Nintendo Switch to stave off cabin fever during the COVID-19 pandemic have reportedly been thwarted by a newly introduced bot program designed to buy up consoles from e-retailers before ordinary humans can. Dubbed Bird Bot, the open-source tool has been used by buyers…

San Francisco airport websites hacked to swipe personal device credentials

Two websites affiliated with San Francisco International Airport (SFO) were compromised with code last March, allowing attackers to steal device login credentials from users who visited these sites, airport officials have disclosed. The breach affected the websites SFOConnect.com, which appears to deliver informational content to the SFO workforce, and SFOConstruction.com, which includes details on airport…

Next post in Vulnerabilities