Security News
Burton Snowboards, a leading snowboard manufacturing company, has canceled all online orders today following what it describes as a "Cyber incident." "We are currently experiencing a system outage due to a recent cyber incident and are unable to process online orders at this time," the snowboarding brand says in a prominent alert on its website.
Many online stores are exposing private backups in public folders, including internal account passwords, which can be leveraged to take over the e-commerce sites and extort owners. According to a study by website security company Sansec, roughly 12% of online stores forget their backups in public folders due to human error or negligence.
Too many online store administrators are storing private backups in public folders and exposing database passwords, secret API keys, administrator URLs and customer data to attackers who know where to look. The researchers analyzed 2037 online stores of various sizes, running on various e-commerce platforms, and found that 250 of them stored archive files in the public web folder, accessible to all.
Microsoft is investigating an ongoing outage impacting multiple Microsoft 365 services after customers have reported experiencing connection issues. "We're investigating issues impacting multiple Microsoft 365 services. We've identified a potential networking issue and are reviewing telemetry to determine the next troubleshooting steps," the Microsoft 365 team said in a Twitter thread. "We've isolated the problem to networking configuration issues, and we're analyzing the best mitigation strategy to address these without causing additional impact."
The U.S. Justice Department has filed a federal lawsuit today against Google for abusing its dominant position in the online advertising market. The U.S. government alleges that Google used acquisitions of other companies in the ad market to remove competitors and forced advertisers and publishers to use its services using its control over the ad tech services.
The WordPress online course plugin 'LearnPress' was vulnerable to multiple critical-severity flaws, including pre-auth SQL injection and local file inclusion. LearnPress is a learning management system plugin that allows WordPress websites to easily create and sell online courses, lessons, and quizzes, providing visitors with a friendly interface while requiring no coding knowledge from the website developer.
In brief: Nearly 3,000 immigrants seeking asylum in the United States have been released from custody after Immigration and Customs Enforcement officials inadvertently published their personal information online. Now, the Los Angeles Times reports that ICE has promised not to deport anyone affected by the breach until they have an opportunity to raise the issue in immigration court.
Are you looking to take your career in the information security industry to the next level? Look no further than the 2023 Certified Technology Professional Bundle! First, with the increasing reliance on technology and the Internet, information security has become an important issue for individuals and businesses.
To examine how enterprises, their business partners and consumers are faring with digital trust, DigiCert commissioned the DigiCert 2022 State of Digital Trust survey. All of the enterprises surveyed say digital trust is important.
Since July 22nd, 2022, threat actors and data breach collectors have been selling and circulating large data sets of scraped Twitter user profiles containing both private and public data on various online hacker forums and cybercrime marketplaces. These data sets were created in 2021 by exploiting a Twitter API vulnerability that allowed users to input email addresses and phone numbers to confirm whether they were associated with a Twitter ID. The threat actors then used another API to scrape the public Twitter data for the ID and combined this public data with private email addresses/phone numbers to create profiles of Twitter users.