A cloud misconfiguration at the gaming-gear merchant potentially exposed 100,000 customers to phishing and fraud. Security consultant Bob Diachenko ran across a misconfigured Elasticsearch cloud cluster that exposed a segment of Razer’s infrastructure to the public internet, for anyone to see. Source: https://threatpost.com/razer-gaming-fans-data-leak/159147/
ISBuzz Team
With T-Mobile recently falling victim to a major SIM swap fraud attack and millions of other consumers still being affected by similar hacks, there is now an urgent need for more robust authentication and verification methods that guard against the ongoing threat posed by SIM swapping. The coronavirus pandemic has seen a large number of cybercriminals and hackers alter their focus, exploiting the uncertainty experienced by billions across the globe. The last few months have seen much of the focus drawn to consumers, who have spent much more time online and on their mobile devices than before. As a result,…
Microsoft has shared its latest insights into election security intelligence. The advisory mentions three threat actors – including APT28, otherwise known as Fancy Bear. APT28 promotes the political interests of the Russian government, and is known for hacking Democratic National Committee emails to attempt to influence the outcome of the United States 2016 presidential elections.
Security researchers today revealed that Razer, Inc., a global gaming hardware manufacturer, e-sports and financial services provider, left thousands of customers’ order and shipping details exposed on the web without a password via a misconfigured server. The exposed information includes full name, email, phone number, customer internal ID, order number, order details, and billing and shipping address. The exact number of affected customers has yet to be assessed, as the data was originally part of a large log stored on a company Elasticsearch cluster that had been misconfigured for public access since August 18th, 2020 and indexed by public search engines. Based on the number…
A new Bluetooth security flaw has been discovered that would potentially allow an attacker to connect to a user device without authentication, according to a statement by the Bluetooth Special Interest Group. The statement says that, for the attack to be successful “an attacking device would need to be within wireless range of a vulnerable Bluetooth device”. While Apple protects against some forms of Bluetooth attack by requiring apps to ask user permission before a connection is initiated, vulnerability to so-called Man-In-The-Middle (MITM) attacks is less clear.
Equinix, one of the world’s largest providers of on-demand colocation data centers, has disclosed today a security breach. In a short statement published on its website, Equinix said it found ransomware on its internal systems, but that the main core of its customer-facing services remained unaffected. “Our data centers and our service offerings, including managed services, remain fully operational, and the incident has not affected our ability to support our customers,” the company said. Full story: https://www.zdnet.com/article/data-center-giant-equinix-discloses-ransomware-incident/
The new vulnerability report “Giggle: laughable security” from Digital Interruption reveals that the founders of the Giggle user community ignored warnings of a serious vulnerability that exposed women’s and teens’ location and other data, putting them at sharp risk. The report also details the Giggle team’s failure to delete user data when accounts are deleted, and flawed and questionable user verification processes.
More than 600,000 WordPress sites running vulnerable File Manager plugin versions are being attacked due to a critical remote code execution flaw, and the attackers have also been seen protecting the sites they compromised from other bad actors’ attacks.
As reported by ITV, law reforms targeting abusive messages, cyberflashing, and “pile on” harassment have been proposed in a bid to stem harmful behavior online. As per the Law Commission, existing safeguards have failed to keep up with changes in how we communicate today. A few definitions: cyberflashing is when someone sends an unsolicited sexual image to another device nearby; “pile on” harassment is where online harassment is co-ordinated against an individual. Both have become commonplace on the internet, via apps and across social media platforms. Yet online abuse covered under current communications offenses…
A survey of 500 IT professionals by Exonar found that 94% of respondents have experienced a data breach, and 79% were worried their organisation could be next. In terms of what is causing the breaches, 40% of respondents to the Exonar survey said accidental employee incidents were to blame, compared to 21% who said it is external attackers.