Check Point Research found thousands of Firebase cloud databases that exposed chat messages in gaming apps, personal photos, token IDs in healthcare apps and data from cryptocurrency platforms. One app discovered was from a large Dept Store in South America application (10+ Million Downloads) that had mistakenly exposed its API gateway credentials and API keys. CPR was able to access this data without facing any kind of protective mechanism. Other similar apps had their data exposed for all to see: Bookkeeping Application (1+ Million Downloads)Dating Application (10,000+ Downloads)Social Audio platform application (5+ Million Downloads)Running Tracker Application (100,000+ Downloads)Logo Design Application…
ISBuzz Team
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen additional flaws to its list of actively exploited vulnerabilities known to be used in cyberattacks. CISA is giving federal agencies a deadline of April 5, 2022, to apply the available security updates … Description Patch Deadline SonicWall SonicOS Buffer Overflow Vulnerability 4/5/2022 Microsoft Windows UPnP Service Privilege…
A new Linux botnet, named B1txor20 was found exploiting Log4J, targeting Linux systems and infecting dozens of vendors who are using the vulnerable Apache Log4j logging library. The botnet uses the exploit to steal sensitive information, install rootkits, create reverse shells and act as web traffic proxies. What makes this bot unique is that it was using DNS tunnelling to conceal its communication traffic – an old but reliable technique.
According to TechCrunch, Instagram has announced the release of new safety tools for parents to use to protect young users. A new centralised hub, called the “Family Centre” has been introduced by Meta, providing parents with new supervision and safety features, giving parents transparency into their children’s Instagram usage habits. Parents can monitor time spent on the app, followed accounts and receive notifications of any accounts they have reported. The announcement comes as Meta have been criticised for not doing enough to protect vulnerable users.
Cequence Security, the industry leader in API security, today released its “API Security Threat Report: Bots and Automated Attacks Explode,” revealing that both developers and attackers have made the shift to APIs. Of the 21.1 billion transactions analyzed by Cequence Security in the last half of 2021, 14 billion (70 percent) were API transactions. Three attack trends they discuss: Attack Trend One: Fraud Comes in Many Forms – Gift Card Fraud, Loan Fraud and Payment FraudIn late July, Cequence saw retail customers get hit with a 2800% increase in ATOs averaging 700K attacks per day with the end goal of…
The U.S. Federal Trade Commission (FTC) wants to slap the former owner of the CafePress custom t-shirt and merchandise site with a $500,000 fine for failing to secure its users’ data and attempting to cover up a significant data breach impacting millions. As the consumer protection watchdog explained, CafePress’ former owner, Residual Pumpkin Entity, stored its customers’ Social Security numbers and password reset answers in plain text, and their data longer than necessary. “As a result of its shoddy security practices, CafePress’ network was breached multiple times,” the FTC said in its announcement: FTC Takes Action Against CafePress for Data Breach…
A new LokiLocker ransomware family has been spotted with a built-in wiper that targets English-speaking victims, capable of erasing all non-system files from infected Windows PCs. This proves ransomware is not just a malware problem.
Facebook’s parent company, Meta, has been fined €17 million (~$18.6 million) by the Irish Data Protection Commission (DPC) over a string of historical data breaches.
Sift’s Q1 Digital Trust & Safety Index reveals rising fraud across fintech, company releases Trust Intelligence Center for Trust and Safety Professionals Sift, the leader in Digital Trust & Safety, today released its Q1 2022 Digital Trust & Safety Index, detailing the increasingly sophisticated—and often automated—tactics cybercriminals leverage to commit payment fraud. Derived from Sift’s global network of over 34,000 sites and apps and a survey of over 1,000 consumers, the index reveals that the payment fraud attack rate (the rate of fraudulent transactions blocked by Sift out of total transactions) across fintech ballooned 70% in 2021—making it the highest…
Industry leaders reacted below on the news that Israel says its government websites were hit by cyber attack.