Security News

Missouri Vows to Prosecute ‘Hacker’ Who Informed State About Data Leak
2021-10-15 17:44

The St. Louis Post-Dispatch newspaper recently found a huge security blunder: The Missouri educational agency's site was displaying 100,000+ clearly visible Social-Security numbers for school teachers, administrators and counselors in its HTML source code. Through a multi-step process, an individual took the records of at least three educators, decoded the HTML source code, and viewed the SSN of those specific educators.

Twitch Leak Included Emails, Password: Researcher
2021-10-07 20:25

It's a horrific leak that included the Amazon-owned service's source code, comments dating back to the dawn of Twitch time, security tools, an unreleased Amazon Game Studios competitor to Steam, a list of the highest-paid channels plus how much they were paid, and more. On Wednesday, Twitch disclosed that "some data" was exposed to the internet due to "an error in a Twitch server configuration change that was subsequently accessed by a malicious third party." It said that its teams were urgently investigating, but that it hadn't found any evidence that login credentials had been exposed.

Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services
2021-10-07 10:29

Cybersecurity researchers on Monday discovered misconfigurations across older versions of Apache Airflow instances belonging to a number of high-profile companies across various sectors, resulting in the exposure of sensitive credentials for popular platforms and services such as Amazon Web Services, Binance, Google Cloud Platform, PayPal, Slack, and Stripe. "These unsecured instances expose sensitive information of companies across the media, finance, manufacturing, information technology, biotech, e-commerce, health, energy, cybersecurity, and transportation industries," Intezer said in a report shared with The Hacker News.

Twitch Suffers Massive 125GB Data and Source Code Leak Due to Server Misconfiguration
2021-10-07 00:55

Interactive livestreaming platform Twitch acknowledged a "breach" after an anonymous poster on the 4chan messaging board leaked its source code, an unreleased Steam competitor from Amazon Game Studios, details of creator payouts, proprietary software development kits, and other internal tools. The Amazon-owned service said it's "working with urgency to understand the extent of this," adding the data was exposed "due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party."

Misconfigured Apache Airflow servers leak thousands of credentials
2021-10-04 14:00

While investigating a misconfiguration flaw in Apache Airflow, researchers discovered many exposed instances over the web leaking sensitive information, including credentials, from well-known tech companies. Apache Airflow is a popular open-source workflow management platform for organizing and managing tasks.

Content sprawl is increasing the risk of data breaches and leaks
2021-10-01 05:00

Egnyte's latest report, based on a survey of 400 IT executives, examines the challenges of securing and governing unstructured content in today's hybrid and remote work environments. A key finding of the research is that unchecked data growth, combined with a lack of visibility, is increasing the risk of breaches, ransomware, and compliance violations dramatically.

S3 Ep52: Let’s Encrypt, Outlook leak, and VMware exploit [Podcast]
2021-09-30 18:49

Guess what? iOS 12 wasn't dead, it was just resting. Researchers rediscover an Outlook data leakage issue.

Check What Information Your Browser Leaks
2021-09-28 14:51

These two sites tell you what sorts of information you’re leaking from your browser.

Apple's New iCloud Private Relay Service Leaks Users' Real IP Addresses
2021-09-24 21:55

A new, as-yet unpatched weakness in Apple's iCloud Private Relay feature could be exploited to leak users' true IP addresses from iOS devices running the latest version of the operating system. Introduced with iOS 15, which was officially released this week, iCloud Private Relay aims to improve anonymity on the web by employing a dual-hop architecture that effectively shields users' IP address, location, and DNS requests from websites and network service providers.

How Outlook “autodiscover” could leak your passwords – and how to stop it
2021-09-23 18:59

Microsoft's autodiscover process can include numerous different steps, as explained in its own Autodiscover documentation, and different apps may use slightly different variants on Microsoft's central theme. The researchers claim that over the next four months, they collected more than 1,000,000 unsolicited and unexpected autodiscover requests, of which a significant minority included authentication tokens or plaintext passwords that could, in theory, give access to the leaked accounts.