Security News

Unprotected Server Leaks Data of Microsoft Bing Mobile App Users
2020-09-22 17:53

WizCase experts have identified an unprotected Elasticsearch server that contained terabytes of data pertaining to users of Microsoft's Bing mobile application. White hat hacker Ata Hakcil, who identified the leak, was able to confirm that the Elasticsearch server belonged to Microsoft's Bing mobile app by installing the application and running a search for WizCase.

Unsecured Microsoft Bing Server Exposed Users' Search Queries and Location
2020-09-22 06:18

A back-end server associated with Microsoft Bing exposed sensitive data of the search engine's mobile application users, including search queries, device details, and GPS coordinates, among others. "Based on the sheer amount of data, it is safe to speculate that anyone who has made a Bing search with the mobile app while the server has been exposed is at risk," said WizCase's Chase Williams in a Monday post.

Unsecured Microsoft Bing Server Leaks Search Queries, Location Data
2020-09-21 20:07

An unsecured database has exposed sensitive data for users of Microsoft's Bing search engine mobile application - including their location coordinates, search terms in clear text and more. While no personal information, like names, were exposed, researchers with Wizcase argued that enough data was available that it would be possible to link these search queries and locations to user identities - giving bad actors information ripe for blackmail attacks, phishing scams and more.

US cybersecurity agency issues super-rare emergency directive to patch Windows Server flaw ASAP
2020-09-21 05:56

Uncle Sam's Cybersecurity and Infrastructure Security Agency has taken the unusual step of issuing an emergency directive that gives US government agencies a four-day deadline to roll out a Windows Server patch. The directive, issued on September 18, demanded that executive agencies to take "Immediate and emergency action" to patch CVE-2020-1472, the CVSS-perfect-ten-rated flaw that Dutch security outfit Secura BV said allows attackers to instantly become domain admin by subverting Microsoft's Netlogon cryptography.

US Cybersecurity agency issues super-rare Emergency Directive to patch Windows Server flaw ASAP
2020-09-21 05:56

Uncle Sam's Cybersecurity and Infrastructure Security Agency has taken the unusual step of issuing an emergency directive that gives US government agencies a four-day deadline to roll out a Windows Server patch. The directive, issued on September 18, demanded that executive agencies to take "Immediate and emergency action" to patch CVE-2020-1472, the CVSS-perfect-ten-rated flaw that Dutch security outfit Secura BV said allows attackers to instantly become domain admin by subverting Microsoft's Netlogon cryptography.

Cloudflare partners with Internet Archive to make sites available when their origin servers are down
2020-09-21 00:30

By partnering with the Internet Archive, Cloudflare is strengthening its Always Online solution that makes sites available when their origin servers are down and keeps the Internet functioning for users globally. To do this, the Internet Archive uses the same crawling infrastructure that has allowed its Wayback Machine to archive over 465 billion web pages to date.

How to encrypt files on your Linux servers with gocryptfs
2020-09-18 17:56

Looking for an easy to use encryption tool to protect data on your Linux servers? Jack Wallen shows you how to install and use gocryptfs to serve that very purpose. The gocryptfs tool allows you to encrypt only the directories you need.

Zerologon – hacking Windows servers with a bunch of zeros
2020-09-17 18:13

As you can probably tell from the name, it involves Windows - everyone else talks about logging in, but on Windows you've always very definitely logged on - and it is an authentication bypass, because it lets you get away with using a zero-length password. On a Windows network, the secret component is the domain password of the computer you're connecting from.

Razer Customer Data Exposed by Server Misconfiguration
2020-09-14 13:10

A server misconfiguration has resulted in data pertaining to thousands of Razer customers being exposed to the Internet. A Singaporean-American manufacturer of gaming hardware, software, and systems, Razer also provides e-sports and financial services to its customers.

Vulnerabilities Expose Thousands of MobileIron Servers to Remote Attacks
2020-09-14 12:18

Researchers have disclosed the details of several potentially serious vulnerabilities affecting MobileIron's mobile device management solutions, including a flaw that can be exploited by an unauthenticated attacker for remote code execution on affected servers. The vulnerabilities were identified by researchers at security consulting firm DEVCORE and they were reported to MobileIron in early April.