An unpatched design flaw in the implementation of Microsoft Exchange's Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide. "This is a severe security issue, since if an attacker can control such domains or has the ability to 'sniff' traffic in the same network, they can capture domain credentials in … [Read more...] about Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials
Exposes
Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects
Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. The issue — tracked as CVE-2021-41077 — concerns unauthorized access and plunder of secret environment data associated with a public open-source … [Read more...] about Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects
Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers
India's flag carrier airline, Air India, has disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after its Passenger Service System (PSS) provider SITA fell victim to a cyber attack earlier this year. The breach involves personal data registered between Aug. 26, 2011 and Feb. 3, 2021, including details such as names, dates of … [Read more...] about Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers
New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks
New research into 5G architecture has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network. AdaptiveMobile shared its findings with the GSM Association (GSMA) on February 4, 2021, following which the … [Read more...] about New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks
Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users
Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites. The bug was addressed in a hotfix release (V1.20.108) made available yesterday. Brave ships with a built-in feature called "Private Window with Tor" that integrates the … [Read more...] about Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users
Data Breach Exposes 1.6 Million Jobless Claims Filed in the Washington State
The Office of the Washington State Auditor (SAO) on Monday said it's investigating a security incident that resulted in the compromise of personal information of more than 1.6 million people who filed for unemployment claims in the state in 2020. The SAO blamed the breach on a software vulnerability in Accellion's File Transfer Appliance (FTA) service, which allows … [Read more...] about Data Breach Exposes 1.6 Million Jobless Claims Filed in the Washington State
Unsecured Adobe Server Exposes Data for 7.5 Million Creative Cloud Users
The U.S. multinational computer software company Adobe has suffered a serious security breach earlier this month that exposed user records' database belonging to the company's popular Creative Cloud service.With an estimated 15 million subscribers, Adobe Creative Cloud or Adobe CC is a subscription service that gives users access to the company's full suite of popular creative … [Read more...] about Unsecured Adobe Server Exposes Data for 7.5 Million Creative Cloud Users
DoorDash Breach Exposes 4.9 Million Users’ Personal Data
Do you use DoorDash frequently to order your food online?If yes, you are highly recommended to change your account password right now immediately.DoorDash—the popular on-demand food-delivery service—today confirmed a massive data breach that affects almost 5 million people using its platform, including its customers, delivery workers, and merchants as well.DoorDash is a San … [Read more...] about DoorDash Breach Exposes 4.9 Million Users’ Personal Data
Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking
If you use a Dell computer, then beware — hackers could compromise your system remotely.Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers.Dell SupportAssist, formerly known as Dell System Detect, checks the health of your … [Read more...] about Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking