Security News

DigitalOcean, one of the biggest modern web hosting platforms, recently hit with a concerning data leak incident that exposed some of its customers' data to unknown and unauthorized third parties. According to the breach notification email that affected customers [1, 2] received, the data leak happened due to negligence where DigitalOcean 'unintentionally' left an internal document accessible to the Internet without requiring any password.

Adult live-streaming site CAM4 has spilt millions of users' private chats, emails, names, email addresses, sexual preferences, password hashes, IP addresses and more. A streaming site for amateurs to watch live, explicit performances, it offers customers the ability to buy virtual tokens if they want to tip performers or watch private shows.

The Clop ransomware group attacked biopharmaceutical company ExecuPharm and reportedly leaked some of the company's compromised data on underground forums. According to a recent data breach notice, various ExecuPharm servers were hit in a ransomware attack on March 13, which compromised "Select corporate and personnel information." The attack was initiated through phishing emails that were sent to ExecuPharm employees.

The design of Australia's COVIDSafe contact-tracing app creates some unintended surveillance opportunities, according to a group of four security pros who unpacked its. The first-addressed is the decision to change UniqueIDs - the identifier the app shares with other users - once every two hours and for devices to only accept a new UniqueID if the app is running.

The website, GDPR.EU, is an advice site for organizations that are struggling to comply with the General Data Protection Regulation laws that were imposed by the EU in 2018. "However, the irony of a EU-funded web site about GDPR having security issues isn't lost on us."

"We anticipated that things would get bad. Companies and agencies may be hoping and praying they are safe, but the work-from-home environment has created a multitude of opportunities for leaks. Too many organizations have left themselves wide open for attack. Understanding the pathways for access within a company's data network is a valuable lens for businesses and agencies to avert leaking their own assets," said Dr. Barbara Rembiesa, CEO and President, IAITAM. Assets left unsecured. In some cases, companies with high-end virtual private networks pre-loaded on business computers are allowing people to work from home on personal devices either with no VPN or with a lower-end virtual private network that may be less hacker resistant.

The discovery of leaked source code for two popular games - Counter-Strike: Global Offensive and Team Fortress 2 - has led to security concerns and even calls for gamers to uninstall the software from their computers. The developer and publisher of the two games, Valve, is downplaying the source-code leak, saying it does not see "Any reason for players to be alarmed or avoid the current builds." In a statement posted on the CS:GO and Team Fortress 2 Twitter accounts, Valve said the source code in question is older, dating to 2017 - and that it was already part of an existing leak from 2018.

Security researchers at vpnMentor found Kinomap's dribbly database during the firm's ongoing web-mapping project. You might have to pay for the subscription service to immerse you in forest greenery, but if you knew where to look, you wouldn't need to pay anything at all to get at the 42 million Kinomap users' records that the researchers found.

New Jersey IT services provider Cognizant has confirmed it is the latest victim of the Maze ransomware. Maze is unusual among ransomware strains in that it not only encrypts the data on infected Windows machines, it siphons off copies of the originals as well.

12% of users have reportedly stopped using Zoom altogether, the social platform Blind found. Zoom has been slammed for a wide array of security issues over the past couple of weeks, including Zoom bombings, personal data leaks, absence of end-to-end encryption, and more.