Security News

Bonobos men's clothing store has suffered a massive data breach exposing millions of customers' personal information after a cloud backup of their database was downloaded by a threat actor. Bonobos started as an online men's clothing store but later expanded to sixty locations to try on clothes before purchasing them.

The 14GB leaked database contains 77,159,696 records with users' email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related information. Nitro is an application that helps create, edit, and sign PDFs and digital documents, an app that Nitro Software claims to have over 10,000 business customers and roughly 1.8 million licensed users.

Oracle announced that Oracle Database 21c, the latest version of the world's leading converged database, is available on Oracle Cloud, including the Always Free tier of Oracle Autonomous Database. "Oracle Database 21c continues our strategy of delivering the world's most powerful converged database engine," said Andrew Mendelsohn, executive vice president, database server technologies, Oracle.

A "Malwareless" ransomware campaign delivered from UK IP addresses targeting weak security controls around internet-facing SQL servers successfully pwned 83,000 victims, according to Israeli infosec biz Guardicore. "The attack chain is extremely simple and exploits weak credentials on internet-facing MySQL servers" said Guardicore's Ophir Harpaz in a technical advisory today, estimating that there around five million MySQL servers accessible from the public internet.

Exploiting weak credentials on MySQL servers connected to the Internet, an ongoing ransomware campaign has compromised more than 250,000 databases to date, according to a warning from security vendor Guardicore. With more than five million Internet-facing MySQL servers on the internet, the attacks are expected to continue against those with weak authentication credentials.

Hackers have set up an auction site on the dark web to sell 250,000 databases stolen from tens of thousands of breached MySQL servers. Back in May, BleepingComputer reported about an attacker that was stealing SQL databases from online shops and threatening victims that their data would become public if they did not pay 0.06 BTC. Although the hacker's website on the clear web listed only 31 databases, the number of abuse reports for the wallet left in the ransom note was above 200, indicating a much larger operation.

A police constable has been sacked after reportedly tracking down young women motorists through their car numberplates and propositioning them on social media. Stephen Woods, formerly of Guernsey Police, was dismissed from the Channel Island's local force after searching for their car registration details to find their names.

Earlier this year, Aerospike released Database 5 with enhanced Cross-Datacenter Replication, enabling data to be dynamically routed between two or more geographically distributed clusters. Now, with the addition of expressions to XDR, Aerospike Database 5 easily routes just the right data to the right target at the right time.

The unsecured Elasticsearch database was 5.5 gigabytes and contained 13,521,774 records of at least 100,000 Facebook users. The data in the exposed database included credentials and IP addresses; text outlines for comments the fraudsters would make on Facebook pages that directed people to suspicious and fraudulent websites; and personally identifiable information data such as emails, names and phone numbers of the Bitcoin scam victims.

Security researchers have discovered a new malware geared with modules that target Oracle Micros Hospitality RES 3700 point-of-sale systems, one of the most widely used management software in the hospitality industry. Named ModPipe, the malware is a modular backdoor that can steal the passwords for the PoS system databases by decrypting them from Windows registry values.