Security News

Wormable Windows SMBv3 RCE flaw leaked, but not patched
2020-03-11 10:42

"To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it." Unlike the Microsoft Windows SMB Server flaws used by the EternalBlue and EternalRomance exploits, which were leveraged for the 2017 WannaCry and NotPetya outbreaks, CVE-2020-0796 only affects SMBv3 and does not affect Windows 7 and Windows Server 2008 R2 systems.

FYI: When Virgin Media said it leaked 'limited contact info', it meant p0rno filter requests, IP addresses, IMEIs as well as names, addresses and more
2020-03-06 21:03

A Virgin Media server left facing the public internet contained more than just 900,000 people's "limited contact information" as the Brit cable giant's CEO put it yesterday. The marketing database also contained some subscribers' requests to block or unblock access to X-rated and gambling websites, unique ID numbers of stolen cellphones, and records of whichever site they were visiting before arriving at the Virgin Media website.

Samsung Says it Leaked Data on Handful of UK Customers
2020-02-26 00:25

Samsung said Tuesday that a "technical error" caused its website to display other customers' personal information. People who logged on were able to see someone else's name, phone number, address, email address and previous orders.

MGM Grand Breach Leaked Details of 10.6 Million Guests Last Summer
2020-02-20 11:48

A hacking forum this week published details of more than 10.6 million guests who stayed at MGM Resorts, the result of a breach due to unauthorized access to a cloud server that occurred at the famous Las Vegas hotel and casino last summer. MGM almost immediately confirmed the breach to ZDNet, linking it to a security incident that happened last summer, according to the report.

Private photos leaked by PhotoSquared’s unsecured cloud storage
2020-02-19 11:49

After coming across thousands of photos seeping out of an unsecured S3 storage bucket belonging to a photo app called PhotoSquared, security researchers at vpnMentor blurred a few. vpnMentor's Noam Rotem and Ran Locar note that PhotoSquared's failure to lock down its cloud storage has put customers at risk of identity theft, financial or credit card fraud, malware attacks, or phishing campaigns launched with the USPS or PhotoSquared postage data arming phishers with the PII they need to sound all that much more convincing.

Crypto AG backdooring rumours were true, say German and Swiss news orgs after explosive docs leaked
2020-02-11 16:15

Swiss encryption machine company Crypto AG was secretly owned by the CIA and a West German spy agency at the height of the Cold War, according to explosive revelations in Swiss and German media today. Although rumours had swirled for decades around Crypto AG and the backdooring of its products by the West - cough, cough, NSA - and not forgetting careless remarks by former US prez Ronald Reagan, today's publications by Swiss broadcaster SRF and German broadcaster ZDF confirm those old suspicions.

App Used by Israel's Ruling Party Leaked Personal Data of All 6.5 Million Voters
2020-02-11 12:53

An election campaigning website operated by Likud, the ruling political party of Israeli Prime Minister Benjamin Netanyahu, inadvertently exposed personal information of all 6.5 million eligible Israeli voters on the Internet, just three weeks before the country is going to have a legislative election. In Israel, all political parties receive personal details of voters before the election; they can't share these details with any third party, and they are responsible for protecting the privacy of their citizens and erasing the data after the elections are over.

Leaked Report Shows United Nations Suffered Hack
2020-01-29 15:00

The United Nations headquarters in New York as well as the U.N.'s sprawling Palais des Nations compound in Geneva, its European headquarters, did not immediately respond to questions from the AP about the incident. The internal document from the U.N. Office of Information and Technology said 42 servers were "compromised" and another 25 were deemed "suspicious," nearly all at the sprawling United Nations offices in Geneva and Vienna.

Kindite unveils beta version to protect data even when leaked
2020-01-29 03:00

Kindite, a Tel Aviv-based cybersecurity company that creates Zero-Trust Environments to protect data in the cloud, has launched a beta version allowing IT and security teams to have a new level of control over their cloud environment. Kindite allows encryption keys to be kept on-prem or in a trusted environment while allowing the processing of encrypted data in the cloud.