Security News
Clearview AI, the controversial facial recognition startup that's gobbled up more than three billion of our photos by scraping social media sites and any other publicly accessible nook and cranny it can find, has lost its entire list of clients to hackers - including details about its many law enforcement clients. Clearview, which has sold access to its gargantuan faceprint database to hundreds of law enforcement agencies, first came to the public's attention in January when the New York Times ran a front-page article suggesting that the "Secretive company [] might end privacy as we know it."
The owner of the data is Straffic.io, which describes itself as a "private performance marketing network." According to its Facebook page, the company was founded in June 2017. "As of now, all systems are secure, and we did not find evidence of any data misuse or data loss. We continue to investigate and will notify if we find evidence to the contrary. Although we do our very best to protect the security of our service and deeply regret such a vulnerability has been found on our service, it is impossible to create a totally immune system, and these things can occur."
An unsecured database belonging to a French technology firm that supplies video and digital equipment to plastic surgery and dermatology clinics exposed content on 900,000 patients, according to a report from two independent security researchers. The database belongs to French tech firm NextMotion, say Noam Rotem and Ran Locar, self-described security researchers and hacktivists, in their blog post on the site vpnMentor.
Granicus, one of the largest IT service providers for U.S. federal and local government agencies, acknowledges that it left a massive Elasticsearch database exposed to the internet for at least five months, but it says the risks involved were low. Ehrlich says the Granicus database included links to files on websites belonging to the Department of Health and Human Services and U.S. House of Representatives, as well as hundreds of other local government units across the country.
An unsecured, internet-facing database belonging to cosmetic giant Estée Lauder exposed over 440 million company records, including email addresses and IT logs, according to a report from a security researcher who discovered it. It's not clear how long the database may have been exposed or if anyone accessed any of the data, Fowler adds.
Cosmetic company Estée Lauder exposed 440 million records to the Internet in a database that was left accessible without proper protection, a security researcher says. The exposed database was discovered on January 30 by Security Discovery security researcher Jeremiah Fowler, who attempted to contact Estée Lauder immediately after identifying user email addresses in the database.
Palo Alto Networks released research showing how vulnerabilities in the development of cloud infrastructure are creating significant security risks. The Unit 42 Cloud Threat Report: Spring 2020 investigates why cloud misconfigurations happen so frequently.
The Royal Yachting Association has told members that "an unauthorised party" may have pilfered a database containing personal information from 2015. Stolen information included names, email addresses and "hashed passwords", including a "majority held with the salted hash function." No payment or financial information was said to have gone walkies.
No need to wait until you've gurgled out of your mother's womb to experience the joys of having your privacy breached, thanks to a mobile app called Peekaboo Moments. Ehrlich told Information Security Media Group that the 100GB database contains more than 70 million log files, with data going back as far as March 2019.
ManageEngine, the IT management division of Zoho Corporation, announced that Applications Manager, its server, cloud, and application performance monitoring solution, now supports Oracle Autonomous Database. Oracle Autonomous Database has gained notable traction since its arrival last year, owing to its agility and support for even the most demanding applications.