Security News
Security researchers are warning of "a trove of sensitive information" leaking through urlscan.io, a website scanner for suspicious and malicious URLs. "Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable," Positive Security co-founder, Fabian Bräunlein, said in a report published on November 2, 2022.
A technical SNAFU shut down the UK's Royal Mail Click and Drop website on Tuesday after a security "Issue" allowed some customers to see others' order information. The data leak started around 13:00 GMT, and according to an alert posted on Click and Drop's status page, Royal Mail shut down the website about an hour later.
Finally, Microsoft disclosed that Vice Society uses multiple ransomware families in attacks, including BlackCat, Quantum, Zeppelin, and a Vice Society-branded variant of Zeppelin ransomware. We also learned more information about new and existing ransomware attacks, such as an alleged 60 million LockBit ransomware demand on Pendragon, Hive claiming the attack on Tata Power, Medibank warning that the hackers accessed all customers' personal data, a ransomware attack on the Indianapolis Housing Agency, and Australian Clinical Labs disclosing that patient data was stolen.
"This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," Microsoft said in an alert.The exposure amounts to 2.4 terabytes of data that consists of invoices, product orders, signed customer documents, partner ecosystem details, among others.
Microsoft has confirmed a data leak linked to a misconfigured server for a cloud storage service but is disputing the extent of the problem.In a revelation this week, Microsoft's Security Response Center said the cloud provider was notified by threat intelligence firm SOCRadar on September 24 about the misconfigured endpoint that exposed business transaction data related to interactions between Microsoft and customers.
Identities of secret agents working for the Australian Federal Police have been exposed after hackers leaked documents stolen from the Colombian government. The leak comes from a hacktivist group called Guacamaya and includes more than five terabytes of classified data, including emails, documents, and methods AFP agents were using to stop drug cartels from running their business in Australia.
Mullvad VPN has discovered that Android leaks traffic every time the device connects to a WiFi network, even if the "Block connections without VPN," or "Always-on VPN," features is enabled. The data being leaked outside VPN tunnels includes source IP addresses, DNS lookups, HTTPS traffic, and likely also NTP traffic.
Toyota Motor Corporation is warning that customers' personal information may have been exposed after an access key was publicly available on GitHub for almost five years. Toyota discovered recently that a portion of the T-Connect site source code was mistakenly published on GitHub and contained an access key to the data server that stored customer email addresses and management numbers.
Source code for the BIOS used with Intel's 12th-gen Core processors has been leaked online, possibly including details of undocumented model-specific registers and even the private signing key for Intel's Boot Guard security technology. </p. Other folks have claimed to the file contains tools for provisioning or tweaking BIOS images, as well as Intel's reference implementation of the Alder Lake UEFI and an OEM implementation, said to be that of Lenovo.
Chipmaker Intel has confirmed that proprietary source code related to its Alder Lake CPUs has been leaked, following its release by an unknown third-party on 4chan and GitHub last week. The published content contains Unified Extensible Firmware Interface code for Alder Lake, the company's 12th generation processors that was originally launched in November 2021.