Security News
Many online stores are exposing private backups in public folders, including internal account passwords, which can be leveraged to take over the e-commerce sites and extort owners. According to a study by website security company Sansec, roughly 12% of online stores forget their backups in public folders due to human error or negligence.
Too many online store administrators are storing private backups in public folders and exposing database passwords, secret API keys, administrator URLs and customer data to attackers who know where to look. The researchers analyzed 2037 online stores of various sizes running on various e-commerce platforms and found that 250 of them stored archive files in the public web folder, accessible to all.
GoTo is a well-known brand that owns a range of products, including technologies for teleconferencing and webinars, remote access, and password management. If you've ever used GoTo Webinar, GoToMyPC, or LastPass, you've used a product from the GoTo stable.
LastPass-owner GoTo on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident. "The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of multi-factor Authentication settings, as well as some product settings and licensing information," GoTo's Paddy Srinivasan said.
GoTo confirmed on Monday that attackers have stolen customers' encrypted backups from a third-party cloud storage service related to its Central, Pro, join. The attackers also managed to grab an encryption key for a portion of the encrypted backups.
GoTo is warning customers that threat actors who breached its development environment in November 2022 stole encrypted backups containing customer information and an encryption key for a portion of that data. "Our investigation to date has determined that a threat actor exfiltrated encrypted backups related to Central and Pro from a third-party cloud storage facility," reads the notice to customers.
Genie Timeline Pro 10 helps you make those backups with minimal effort. Made for Windows, this powerful utility lets you configure automated backups in three easy steps, but it also has plenty of advanced features.
Data backup has traditionally been in the operational domain of IT, while security teams have been responsible for threats to data from attacks. With many backup and recovery companies now referring to themselves as data protection platforms and with a list of new terminology and features representing a new paradigm in the backup world, staying on top of the new terms and features is complex.
The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation in the wild. "The Veeam Distribution Service allows unauthenticated users to access internal API functions," Veeam noted in an advisory published in March 2022.
Based on a screenshot from Apple, these categories are covered when you flip on Advanced Data Protection: device backups, messages backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos, and Wallet Passes. Apple says the only "major" categories not covered by Advanced Data Protection are iCloud Mail, Contacts, and Calendar because "of the need to interoperate with the global email, contacts, and calendar systems," according to its press release.