16 Jul 2021

Artwork Archive cloud storage misconfiguration exposed user data, revenue records

Misconfigurations in Artwork Archive, a platform used to connect artists to potential buyers, allegedly led to a data leak in which the personally identifiable information (PII) of users was exposed. The WizCase team reported that they discovered a misconfigured Amazon S3 bucket belonging to the platform. The researchers stated that

Read More
18 Jun 2021

A Billion CVS Records Exposed

More than one billion records pertaining to customers at CVS have been exposed due to a misconfiguration error on the service’s cloud database. The database was left unprotected, without a password required to access the sensitive data. The leak was discovered by researcher Jeremiah Fowler, who determined the size of

Read More
07 May 2021

Misconfigured Database Exposes 200K Fake Amazon Reviewers

A misconfigured database has allegedly exposed a coordinated scheme by Amazon vendors to boost product ratings through utilizing fake accounts and reviews. Security researchers at SafetyDetectives located a China-based Elasticsearch server that was exposed to the public online, lacking any password protection or encryption. After looking further into the exposed

Read More
11 Mar 2021

Updating Defense Intelligence Agency’s Data Base

The Defense Intelligence Agency (DIA) currently uses an old system called the Modernized Intelligence Database (MIDB) to store and retrieve information on foreign intelligence – everything from Country order-of-battles (tanks, airplanes, etc.), infrastructures (runways, ports, etc.) to general foreign military capabilities. They will replace it with a system called the Machine-Assisted Analytic Rapid-Repository System (MARS). As they do, will they leverage the great capabilities of American industry or seek to code things themselves?

Read More
07 May 2020

Advanced Data Breach Disclosure Update

A data breach at a legal software provider has reportedly affected over 190 law firms, according to the organization that discovered it, TurgenSec. The beach was publicly disclosed on April 27, and TurgenSec reports that the identities of the ownr3 of the database and affected parties have become public knowledge.

Read More
03 Feb 2020

Breach at Indian Airline Affects 1.2 Million Passengers

Indian airline SpiceJet has been hit by a cyberattack resulting in a massive data breach, exposing the personal information of over a million of its passengers. The computer system of the airline was compromised last month when a security researcher used brute force attack to gain access to an unencrypted

Read More