Security News

ChaosDB: Infosec bods could pull anyone's plaintext Azure Cosmos DB keys at will from Microsoft admin tools
2021-11-12 19:19

An astonishing piece of vulnerability probing gave infosec researchers a way into Microsoft's management controls for Azure Cosmos DB - with full read and write privileges over customer databases. The so-called ChaosDB vuln gave Wiz researchers "Access to the control panel of the underlying service" that hosts Azure Cosmos, Microsoft's managed cloudy document database service, they said.

Windows 365 exposes Microsoft Azure credentials in plaintext
2021-08-13 18:24

A security researcher has figured out a way to dump a user's unencrypted plaintext Microsoft Azure credentials from Microsoft's new Windows 365 Cloud PC service using Mimikatz. On August 2nd, Microsoft launched their Windows 365 cloud-based desktop service, allowing users to rent Cloud PCs and access them via remote desktop clients or a browser.

Icarus moment: Mozilla Thunderbird was saving OpenPGP keys in plaintext after encryption snafu
2021-05-24 17:15

Mozilla Thunderbird spent the last couple of months saving some users' OpenPGP keys in plain text - but that's now been patched, the author of both the bug and the patch fixing it has told The Register. The vulnerability, assessed as "Low" impact by Mozilla, existed in the free open source Thunderbird email client between version 78.8.1 and version 78.10.1 after a crestfallen maintainer realised carefully designed protections were in fact not protecting users' private OpenPGP keys.

We're not saying this is how SolarWinds was backdoored, but its FTP password 'leaked on GitHub in plaintext'
2020-12-16 00:00

In a message to The Register, Kumar said that on November 19, 2019, he told SolarWinds "Their update server was accessible with the password 'solarwinds123' which is leaking in the public Github repo. They fixed the issue and replied to me on." Using the exposed account name and password, he was able to upload a file to prove the system was insecure, he said he wrote in his report to SolarWinds, adding that a hacker could use the credentials to upload a malicious executable and add it to a SolarWinds update.

Hardware-based Password Managers Store Credentials in Plaintext
2019-12-09 18:58

A security researcher has analyzed three hardware-based password vaults and discovered that credentials are stored in plaintext and survive hardware resets.

Some D-Link and Comba WiFi Routers Leak Their Passwords in Plaintext
2019-09-10 16:48

What could be worse than your router leaking its administrative login credentials in plaintext? Cybersecurity researchers from Trustwave's SpiderLabs have discovered multiple security...

Not very Suprema: Biometric access biz bares 27 million records and plaintext admin creds
2019-08-14 12:34

Biostar 2 goes supernova after Israeli duo's probings. Two infosec researchers found 27 million personal data records, including a million people's fingerprints, exposed to the public along with...

Stock Trading Firm Robinhood Stored User Passwords in Plaintext
2019-07-25 05:51

Robinhood, a California-based financial services company that provides a popular commission-free stock trading app, informed some users that their passwords were stored in plaintext.

Google Stored G Suite Passwords in Plaintext Since 2005
2019-05-22 13:16

Google said it had stored G Suite enterprise users' passwords in plain text since 2005, marking a giant security faux pas.

Facebook: we logged 100x more Instagram plaintext passwords than we thought
2019-04-19 14:58

Facebook has updated 'tens of thousands of plaintext Instagram passwords ended up in logfile' to say it was more like a million.