04 Feb 2021

Clearview Facial-Recognition Technology Ruled Illegal in Canada

This week, Canadian authorities ruled that the use of facial recognition technology from Clearview is prohibited due to violations of federal and provincial privacy laws. Clearview has received backlash from the security industry for its controversial practice of harvesting faceprints from the internet and selling them. The company could feel

Read More
03 Feb 2021

Over Three Million US Drivers Exposed in Data Breach

US car company DriveSure has suffered from a data breach in which three million of its customers were exposed. A cybercriminal has posted the data to a dark web forum, according to Risk Based Security. On January 4, Risk-Based Security found that multiple databases were uploaded to a hacking forum.

Read More
26 Jan 2021

Misconfigured Cloud Server Exposes 66,000 Gamers

Roughly 30GB of data impacting tens of thousands of users has been exposed due to a misconfigured Elasticsearch server owned by popular gaming site VIPGames.com. The site has 100,000 Google Play downloads and boasts 20,000 active daily players globally. Researchers at WizCase found the server, which contained no encryption or

Read More
22 Jan 2021

Einstein Healthcare Network Announces August Breach

Einstein Health Network is a Pennsylvania based health care company offering services such as medical rehab, outpatient and primary care centers. The organization recently announced a breach in which an authorized person was able to gain access to sensitive information and emails. Einstein has known about the breach since August

Read More
12 Jan 2021

IoT Vendor Ubiquiti Suffers Data Breach

Internet of Things and Wi-Fi vendor Ubiquiti discovered a breach of one of its systems in the cloud yesterday. THe customers were advised to change their passwords and use multifactor authentication.  There is no evidence of breaching of any databases that contain personal information of users. The data that could

Read More
11 Jan 2021

High Court Rules Against Government Bulk Hacking

The High Court in the UK ruled against the intelligence agencies’ use of bulk hacking for domestic targets. Edward Snowden revealed the use of hacking to target large numbers of users simultaneously in 2014.  In 2016, the Non-profit Privacy International challenged the practice in a secretive court for cases involving

Read More
11 Jan 2021

New Zealand Central Bank Hit by Cyber Attack

On Sunday, New Zealand’s central bank was responding to a breach of one of its data systems. The third-party file accessed stored “sensitive information”. The Governor of the Reserve Bank of New Zealand, Adrian Orr, stated the breach was contained and the extent of the information accessed would take time

Read More
11 Jan 2021

Over 100,000 UN Employee Records Accessed by Researchers

Over 100,000 United Nations employee records and credentials were able to be accessed by security researchers in only hours. Sakura Samurai created a team to look for bugs to report to the UN under its vulnq disclosure program. Using the git-dumper tool, an exposed subdomain for UN program the International

Read More
06 Jan 2021

Telegram Triangulation Pinpoints Users’ Exact Locations

Telegram’s “people nearby” feature can be used to reveal a user’s precise location, according to bug-hunter Ahmed Hassan. The feature allows users of the secure messaging app to see who’s around them, however, it has been compromised by a severe security flaw. Hassan states that although you must enable the

Read More
30 Dec 2020

Misconfigured AWS Bucket Exposes Hundreds of Social Influencers

According to vpnMentor, a misconfigured amazon web services bucket has exposed the personal details of hundreds of social media influencers. This puts them at risk for fraud, harassment, and other safety threats. The AWS S3 bucket was left wide open with no encryption or password protection. VpnMentor found the site

Read More