Security News
British infosec accreditation body CREST has suspended all of its accreditation exams after The Register revealed a published cache of files including what appeared to be internal exam sheets as well as docs apparently tied to key industry player NCC Group. We understand from sources that the security body has suspended all of its CREST Certified Infrastructure Tester and CREST Certified Web Application Tester exams for up to a month while their contents are reviewed.
UPDATE. The Maze ransomware gang has reportedly leaked Canon U.S.A. data online. The leaked data consists of a single file, according to the report: About 2.2 GB-worth of marketing data and videos, compiled into an archive called "STRATEGICPLANNINGpart62.zip." The Maze gang claims it represents 5 percent of all of the data stolen from the camera giant.
British infosec biz NCC Group has admitted to The Register that its internal training materials were leaked on GitHub - after folders purporting to help people pass the CREST pentest certification exams appeared in a couple of repositories. CREST offers a certification called CRT: CREST Registered Tester.
BluBracket introduced significant new functionality to its Code Security Suite, allowing companies for the first time to find stolen and copied source code in public repositories. Code proliferation represents a significant threat to companies today-not just in the loss of intellectual property, but also in the risks code poses to general enterprise security.
Source code belonging to tens of companies, including several major organizations, has been leaked online after it was found on unprotected DevOps infrastructure. Kottmann told SecurityWeek that the source code they've made public, much of which appears to be proprietary, mostly comes from improperly configured or exposed DevOps infrastructure.
VPNs are all the rage these days, because they're supposed to boost your privacy and stop you being tracked. Many VPNs tell you that "They don't keep any logs at all", and therefore that they would have nothing on you that they could hand over to law enforcement even if they wanted to.
Scope of last summer’s data leak at the hotel chain appears to be far more expansive than previously thought.
Researchers have found 142 million personal details from former guests at the MGM Resorts hotels for sale on the Dark Web, evidence that a data leak from the hotel chain last summer may be far bigger in scope than previously thought. In the ad, the hacker makes a connection between the newly advertised credentials and a previously known leak of personal details of more than 10.6 million guests who had stayed at MGM Resorts.
It is amazing that this sort of thing can still happen: ...the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker then tried using (1)...
Hundreds of thousands of files belonging to more than 200 law enforcement organizations across the United States have been leaked online after they were stolen by hackers from a web development company. The leak, dubbed BlueLeaks, includes information collected and generated by over 200 police departments, fusion centers, the FBI and other law enforcement organizations in various U.S. states.