Security News

Security consultant Bob Diachenko ran across a misconfigured Elasticsearch cloud cluster that exposed a segment of Razer's infrastructure to the public internet, for anyone to see. "As more organizations adopt cloud-based tools to obtain a competitive advantage, the rate of cloud application usage increases in tandem. However, most organizations are not equipped to handle the security demands of the cloud. In fact, 86 percent of companies deploy cloud applications, yet just 34 percent have single sign-on solutions in place, demonstrating a massive gap in cloud adoption and necessary cloud-security solutions."

Intel is investigating reports that a claimed hacker has leaked 20GB of data coming from the chip giant, which appear to be related to source code and developer documents and tools. "The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access," an Intel spokesperson told SecurityWeek.

The Vermont Department of Taxes may have been exposing taxpayer data that could be used in credential scams for more than three years due to a vulnerability in its online tax filing system. A notice posted on the department's website warned taxpayers who filed a Property Transfer Tax return through the department's online filing site between Feb. 1, 2017, and July 2, 2020, may have had their personal information leaked.

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties.

Collaboration security startup Polymer announced its official launch on Wednesday with a solution that automatically detects and redacts sensitive data shared by users in popular collaboration tools. When users share this type of information via one of the supported collaboration tools, Polymer automatically redacts sensitive information and ensures that the unredacted information can only be accessed by users that have been authorized in the Polymer administrative dashboard.

Cloud software provider Blackbaud has admitted that it paid cybercriminals to regain control of data following a ransomware attack in May 2020. Last week, the company published a notice on a ransomware attack that it fell victim to in May 2020, claiming that it was able to discover and stop the assault, but not before some data was exfiltrated by the attackers.

A former analyst for the U.S. Defense Intelligence Agency has been sentenced to more than two years in prison after sharing highly classified, national defense intelligence with two reporters. According to the Department of Justice on Thursday, Frese held a "Top Secret/Sensitive Compartmented Information" security clearance at the DIA. He leveraged these privileges to search for the classified data - stored in secure, classified government information systems - at least 30 times in 2018.

Researchers have disclosed the details of a new speculative execution attack affecting many Intel processors, and they say this is the first vulnerability of this kind that allows hackers to obtain sensitive information across the cores of a CPU. The vulnerability was discovered by a team of researchers from Vrije Universiteit Amsterdam in the Netherlands and ETH Zurich in Switzerland. They initially reported their findings to Intel in September 2018 and nearly one year later they informed the tech giant about the possibility of cross-core leaks.

Japan is investigating a possible leak of data including details of a prototype missile in a massive cyberattack earlier this year on Mitsubishi Electric Corp., officials said Wednesday. The suspected leak involves sensitive information about a prototype of a cutting-edge high speed gliding missile intended for deployment for the defense of Japan's remote islands amid China's military assertiveness in the region.

DigitalOcean, one of the biggest modern web hosting platforms, recently hit with a concerning data leak incident that exposed some of its customers' data to unknown and unauthorized third parties. According to the breach notification email that affected customers [1, 2] received, the data leak happened due to negligence where DigitalOcean 'unintentionally' left an internal document accessible to the Internet without requiring any password.