Security News
Too many online store administrators are storing private backups in public folders and exposing database passwords, secret API keys, administrator URLs and customer data to attackers who know where to look. The researchers have analyzed 2037 online stores of various sizes and running on various e-commerce platforms and found that 250 of them stored archive files in the public web folder, accessible to all.
Microsoft is investigating an ongoing outage impacting multiple Microsoft 365 services after customers have reported experiencing connection issues. "We're investigating issues impacting multiple Microsoft 365 services. We've identified a potential networking issue and are reviewing telemetry to determine the next troubleshooting steps," the Microsoft 365 team said in a Twitter thread. "We've isolated the problem to networking configuration issues, and we're analyzing the best mitigation strategy to address these without causing additional impact."
The U.S. Justice Department has filed a federal lawsuit today against Google for abusing its dominant position in the online advertising market. The U.S. government alleges that Google used acquisitions of other companies in the ad market to remove competitors and forced advertisers and publishers to use its services using its control over the ad tech services.
The WordPress online course plugin 'LearnPress' was vulnerable to multiple critical-severity flaws, including pre-auth SQL injection and local file inclusion. LearnPress is a learning management system plugin that allows WordPress websites to easily create and sell online courses, lessons, and quizzes, providing visitors with a friendly interface while requiring no coding knowledge from the website developer.
In brief: Nearly 3,000 immigrants seeking asylum in the United States have been released from custody after Immigration and Customs Enforcement officials inadvertently published their personal information online. Now, the Los Angeles Times reports that ICE has promised not to deport anyone affected by the breach until they have an opportunity to raise the issue in immigration court.
Are you looking to take your career in the information security industry to the next level? Look no further than the 2023 Certified Technology Professional Bundle! First, with the increasing reliance on technology and the Internet, information security has become an important issue for individuals and businesses.
In order to examine how enterprises, their business partners and consumers are faring with digital trust, DigiCert commissioned the DigiCert 2022 State of Digital Trust survey. All of the enterprises surveyed say digital trust is important.
Since July 22nd, 2022, threat actors and data breach collectors have been selling and circulating large data sets of scraped Twitter user profiles containing both private and public data on various online hacker forums and cybercrime marketplaces. These data sets were created in 2021 by exploiting a Twitter API vulnerability that allowed users to input email addresses and phone numbers to confirm whether they were associated with a Twitter ID. The threat actors then used another API to scrape the public Twitter data for the ID and combined this public data with private email addresses/phone numbers to create profiles of Twitter users.
LastPass says attackers got users' info and password vault data: The information couldn't come at a worse time, as businesses are winding down their activities and employees and users are thick in the midst of last-minute preparations for end-of-year holidays.
New Microsoft Exchange exploit chain lets ransomware attackers in: Ransomware-wielding attackers are using a new exploit chain that includes one of the ProxyNotShell vulnerabilities to achieve remote code execution on Microsoft Exchange servers.
Microsoft warned today that it will permanently turn off Exchange Online basic authentication starting early January 2023 to improve security. "Beginning in early January, we will send Message Center posts to affected tenants about 7 days before we make the configuration change to permanently disable Basic auth use for protocols in scope," The Exchange Team said on Tuesday.