Exposed News, Articles and Updates

Tesla insider: Saboteur or whistleblower?

A former employee who Tesla pegged earlier this week as a saboteur said instead that he is a whistleblower trying to expose "some really scary things" at the innovative car company.

Encryption: US is the most exposed country, report

The United States is the most exposed country in the world when measuring for the number of services that either don't offer modern cryptographic protection or are otherwise unsuitable to offer on the increasingly hostile internet.

Australian bank mistakenly sent data on 10K customers to wrong domain

After Commonwealth Bank of Australia (CBA) financial staff inadvertently didn't include an ".au" on a domain name, the bank exposed information on 10,000 customers to a foreign company.

Open AWS S3 bucket exposes info on 50,000 Honda India

Honda Car India is singing a familiar refrain - an unsecured Amazon AWS 3 bucket, this time actually two servers, exposed the personal information of tens of thousands of users.

Wide open Apache Airflow server at UMG contractor exposes credentials

An unsecured Apache Airflow server at cloud data storage contractor Agilisium exposed internal FTP credentials, SQL passwords and AWS secret access key and password information for Universal Music Group.

Open ports left over 1,000 SingTel routers vulnerable to cyber-attacks

More than 1,000 owners of Wi-Fi routers were left exposed to potential cyber-attacks after Singapore Telecommunications Limited forgot to secure port 10000 in its Wi-Fi gigabit router devices.

Ghostery's GDPR notification exposes recipients addresses in batch emails

It seems the path to GDPR is fraught with GDPR violations - at least for privacy browser Ghostery, which exposed the email addresses of users to other users when it sent out GDPR notification emails Friday.

Fourth Spectre-style Intel chip flaw revealed: speed vs security trade-off

New Spectre-style vulnerability affecting Intel chips uncovered by bug bounty programme. Intel has confirmed a new exploit - titled Variant 4 - that uses speculative execution, to potentially expose data through a side channel.

Satori botnet searching internet for open Ethereum mining rigs

Increasing value of cryptocurrency sees hackers look out for mining hardware. Security researchers have discovered a large Satori botnet that is scanning the internet for exposed Ethereum cryptocurrency mining rigs.

RSA: Trustjacking exploit abuses iTunes feature to spy on iOS devices

It has long been established that plugging one's iPhone into an unknown computer or hardware device exposes that mobile phone to potentially malicious cyber-activity.

Medical supplier Inogen hit with breach, 30,000 possibly affected

A US-based medical device manufacturer reported that 30,000 former and current customers may have had their personal information exposed when a company employee's email account was compromised.

Information on 6,800 CareFirst members exposed in phishing attack

CareFirst BlueCross BlueShield said one of its employees recently fell victim to a phishing attack that led to thousands of its members' personal information being exposed.

Grindr flaws spill personal info on users, reveals locations

Security flaws in Grindr can expose the personal information and location of its three million or so users.

Unsecured N.Y. medical practice server exposes 42,000 records

A Long Island, New York, medical practice left an exposed port normally used for remote synchronisation open exposing at least 42,000 medical records.

US counter-terrorism operation exposed Slingshot APT campaign

A recently published Kaspersky Lab report that exposed a sophisticated, six-year cyber-espionage campaign targeting the Middle East and Africa disrupted an active counter-terrorism operation.

AWS S3 bucket managed by Walmart jewellery partner exposes info on 1.3M

Personal information belonging to 1.3 million customers of Walmart jewellery partner MBM Company has been exposed because yet another Amazon S3 bucket was left open on the internet.

Middleboxes in Turkish telecom redirecting users to nation-state spyware

Security researchers have uncovered how deep packet inspection middleboxes are being used either to expose Turkish nationals to nation-state spyware or to redirect Egyptian Internet users to ads and browser cryptocurrency.

Report: Age verification tool for porn sites raises privacy concerns in UK

The UK-based digital watchdog organisation Open Rights Group is expressing concern that an age verification tool for pornography sites could potentially expose users' sensitive data, according to a report from the BBC.

Researchers identify extortion as motive behind memcached DDoS attacks

The adversaries who have been abusing exposed memcached servers to launch amplified distributed denial of service attacks have been including a ransom note amidst their flood of malicious packets, according to researchers.

Equifax breach worse than thought, consumers affected now total 147.9M

Equifax has once again bumped up the estimated number of US consumers affected by its massive breach - now saying that data on 147.9 million was somehow exposed.