20 May 2021

Android apps exposed data of millions of users through cloud authentication failures

Check Point Research published a report on Thursday detailing Android apps that contain critical cloud misconfiguration that allow for the potential exposure of data belonging to 100 million users. The report states that 23 popular mobile apps contain a variety of misconfiguration of third-party cloud services, which are widely used

Read More
19 May 2021

Recruiter’s Cloud Snafu Exposes 20,000 CVs and ID Documents

Website Planet researchers recently uncovered an AWS S3 web bucket left unsecured by FastTrack Reflex Recruitment, which has been renamed to TeamBMS. The database included personal information pertaining to tens of thousands of jobseekers and held sensitive data and documents such as dates of birth, email addresses, full names, home

Read More
17 May 2021

‘Scheme Flooding’ Allows Websites to Track Users Across Browsers

Security researchers have discovered a new vulnerability that allows browsers to enumerate applications on a machine, threatening cross-browser anonymity in popular search engines such as Chrome, Firefox, Microsoft Edge, Safari, and Tor. The vulnerability is referred to as “scheme flooding,” and allows websites to identify users across different desktop browsers,

Read More
11 May 2021

DHS Drops Proposal to Expand Immigration-Related Biometrics Collection

The Department of Homeland Security has withdrawn a proposal that was introduced within the last few months of the Trump administration that would have expanded the collection to biometric data relating to immigration. The rule was first published in the Federal Register on September 11, and would have removed age

Read More
03 May 2021

TurgenSec finds 345,000 files from Filipino solicitor-general’s office were breached

According to UK cybersecurity firm TurgenSec, roughly 345,000 sensitive files from the solicitor-general of the Phillippines have been leaked. Some of the information exposed pertains to ongoing legal cases, threatening the integrity of trials. The breached information was left publicly available, says TurgenSec. When TurgenSec discovered the security incident in

Read More
22 Apr 2021

TikTok Sued Over Use of Minors’ Data

TikTok, which is owned by the Chinese company ByteDance, is currently being sued for billions of dollars over allegedly mishandling and using data pertaining to minors. Internal company data from July 2020 found that 18 million of TikTok’s total 800 million worldwide users are aged 14 years or younger. The

Read More
22 Apr 2021

Data Breach at New England’s Largest Energy Provider

On March 16, New England’s largest energy provider, Eversource, discovered that one of its cloud data storage folders was misconfigured, allowing anyone to access the files rather than protecting them. The folder was created in August 2019 and stored information in an unencrypted format, making the data breach a prolonged

Read More
16 Apr 2021

Google backs new security standard for smartphone VPN apps

Google has backed a new IoT security certification designed for mobile apps and VPNs, created by the Internet of Secure Things Alliance (ioXt). The program includes a mobile app profile, which consists of a set of security-related criteria by which apps can be certified for public use. The assessment also

Read More
13 Apr 2021

1.3M Clubhouse Users’ Data Dumped in Hacker Forum for Free

Security researchers have found an SQL file containing the personal data of 1.3 million Clubhouse users available on a hacker forum for free. The information in the file includes names, user IDs, photo URLs, number of followers, dates the accounts were created, profile information, who invited the user to the

Read More
06 Apr 2021

Data of Half a Billion Facebook Users Leaked

Cyber-intelligence agency Hudson Rock discovered a leak in which the personal information of half a billion Facebook users has been leaked online. The information exposed includes phone numbers, locations, birthdates, Facebook IDs, full names, and email addresses. The data was discovered on a website known to be used by hackers.

Read More