Security News

Have I Been Pwned breach report email pwned entire firm's helldesk ticket system
2020-06-04 17:45

A hapless IT bod found the Have I Been Pwned service answering its own question in a way he really didn't want - after a breach report including a SQL string KO'd his company's helpdesk ticket system. A pseudonymous blogger posting under the name Matt published a tortured account of what happened when a breach notification email from HIBP was ingested into his firm's helpdesk ticket system and was automatically assigned a ticket ID. The company used version 9.4.5 of the GLPi open source helpdesk system, a rather old product but quite functional.

You DID change your password after that data breach, didn’t you?
2020-06-04 17:36

In many or most recent data breaches where authentication data gets stolen, the crooks don't end up with your actual password along with your login name. Passwords usually are - or certainly should be! - stored in a hashed form, where the hash can be used to verify that a supplied password is correct, but can't be wrangled backwards to reveal what the password was.

San Francisco Employees' Retirement System Discloses Data Breach
2020-06-04 13:26

The San Francisco Employees' Retirement System this week disclosed a data breach that impacted over 70,000 of its members. According to the vendor, while it has no evidence that any data pertaining to SFERS members was removed from the server, it cannot confirm that the perpetrators did not access or copy the data.

Most companies suffered a cloud data breach in the past 18 months
2020-06-03 04:00

Nearly 80% of the companies had experienced at least one cloud data breach in the past 18 months, and 43% reported 10 or more breaches, a new Ermetic survey reveals. "Even though most of the companies surveyed are already using IAM, data loss prevention, data classification and privileged account management products, more than half claimed these were not adequate for protecting cloud environments," said Shai Morag, CEO of Ermetic.

Hackers Disrupt Minneapolis Systems, But No Evidence of Breach
2020-06-02 03:42

A distributed denial-of-service attack crippled the websites and systems of Minneapolis late last week, but no data appears to have been breached. Most of the systems were restored quickly, and Minneapolis CIO Fadi Fadhil said that the city had proactive measures in place to respond to and mitigate such attacks when they occur.

Password Changing After a Breach
2020-06-01 11:08

This study shows that most people don't change their passwords after a breach, and if they do they change it to a weaker password. Abstract: To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other accounts.

Joomla Resources Directory (JRD) Portal Suffers Data Breach
2020-06-01 04:34

Joomla, one of the most popular open-source content management systems, last week announced a new data breach impacting 2,700 users who have an account with its resources directory website, i.e., resources. The company said the incident came to light during an internal website audit that revealed that a member of the Joomla Resources Directory team stored a full unencrypted backup of the JRD website on an Amazon Web Services S3 bucket owned by the third-party company.

NTT Communications Data Breach Affects Customers, Threatens Supply Chain
2020-05-29 16:45

Japan-based systems integrator NTT Communications has disclosed a recent data breach that it said impacted hundreds of customers. NTT Communications did not clarify what kind of data may have been accessed, nor did it mention how attackers were able to move laterally on the network.

Design Marketplace Minted Confirms Recent Data Breach
2020-05-29 11:39

Minted, an online marketplace of crowdsourced art and graphic designs, this week confirmed that it was the victim of a data breach earlier this month. Information on a security incident affecting Minted became public several weeks ago, when a hacking group referred to as Shiny Hunters started advertising user records stolen in multiple fresh data breaches, including information exfiltrated from Minted.