RailYatri, the company behind one of India’s most popular travel booking sites, exposed 43GB of customer and corporate data before it was deleted by the infamous “Meow” attacker. A team at SafetyDetectives discovered an Elasticsearch server without password protection or encryption on August 10. It failed to get a response from the company in question, government-backed travel marketplace RailYatri, but the database was eventually secured after contact was made with India’s national CERT (CERT-In). However, that was too late to save most of the information stored there: the Meow bot struck on August 12 and apparently deleted all but 1GB…
ISBuzz Team
As reported by The Verge, Uber’s former security chief has been charged with obstruction of justice for trying to hide a data breach from the Federal Trade Commission and Uber management, according to a statement from the Department of Justice. Joseph Sullivan, who was Uber’s chief security officer from April 2015 to November 2017, allegedly concealed the hack that occurred in October 2016, which exposed confidential data of 57 million drivers and customers, including drivers’ license information. Uber paid the hackers $100,000 in bitcoin to delete the data, according to the Justice Department. (Sullivan was later fired.)
Grocery delivery and pick-up service Instacart disclosed a security incident caused by two employees working for a company providing tech support services for Instacart shoppers. According to a press release published today, Instacart says the two employees “may have reviewed more shopper profiles than was necessary in their roles as support agents.” https://twitter.com/avast_antivirus/status/1296839723881607171
A South Dakota news site reveals that the June 2020 “BlueLeaks” massive data breach resulted in the exposed identities of the state’s citizens who tested positive for COVID-19: Massive data breach affects SD COVID-19 patients. In response, cybersecurity experts offer thoughts.
According to researchers, hackers are attempting to exploit SQL injection, authorization issues, and unauthenticated stored cross-site scripting (XSS) security vulnerabilities in the Discount Rules for WooCommerce WordPress plugin, which has more than 30,000 installations.
Social Data, a company that sells social media data to marketers, has left nearly 235 million YouTube, TikTok, and Instagram profiles exposed, according to The Independent. A Comparitech report revealed that the company managed a database that was neither password-protected nor secured by any other authentication method. The exposed data reportedly includes names, contact information, personal information, images, and statistics about followers – as well as detailed information about those accounts, such as engagement rate, follower growth rate, audience gender, audience location, and likes.
The University of Utah revealed today that it paid a ransomware gang $457,000 in order to avoid hackers leaking student information. The university’s cyber insurance policy paid part of the ransom, and the university covered the remainder. https://twitter.com/lordboots/status/1297363684809990145
A vulnerability in Thales’ Cinterion EHS8 M2M module, a Java-powered embedded 3G system used in millions of Internet-of-Things devices for connectivity, was revealed yesterday, as reported by The Register. The bug (CVE-2020-15858) was discovered by IBM’s X-Force Red and disclosed to Thales, who addressed it in a patch made available to IoT vendors in February. This vulnerability makes it possible for a potential attacker to extract the code and other resources from a vulnerable device. When bad actors have this information, they could then reverse-engineer it to find further vulnerabilities to exploit, and secret keys and passwords to extract, possibly leading…
Cisco has disclosed a critical flaw affecting its ENCS 5400-W Series and CSP 5000-W Series appliances, which is due to their software containing user accounts with a default, static password. During internal testing, Cisco discovered that its Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for the appliances have user accounts with the fixed password. The default password means a remote attacker without credentials could log into the NFVIS command-line interface of a vulnerable device with administrator privileges. Cisco has also posted two more high-severity advisories that can be addressed by installing software updates it recently made available. Multiple…
The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, today released the 2020 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.
