A Walmart jewelry partners’ misconfigured AWS S3 bucket left personal details and contact information of 1.3 million customers in plain sight.
For the second time in ten days, researchers at UpGuard released sensitive data belonging to the United States Defense Department that was stored insecurely online.
A proof-of-concept attack demonstrates how adversaries can abuse Microsoft’s Active Directory Federation Services framework to go unnoticed and assume multiple user identities.
Uber CEO said a 2016 data breach that exposed 57 million Uber user accounts and a subsequent payment of $100,000 to a hacker to delete data and keep it a secret is inexcusable.
Pentagon contractor left 1.8 billion mostly benign publicly accessible social-media posts scraped from the internet on a publicly accessible Amazon storage bucket.
Enterprises are grappling with widespread incidents of misconfigured servers leaking sensitive data to the public internet.
Researchers uncover a misconfigured Elasticsearch database, exposing data tied to NFL players and their agents.
600 gigabytes of information, including SQL database dumps, code, access logs, and customer information, belonging to BroadSoft and its client, TWC, was left online, accessible to anyone.
The news of the week is discussed, including the AWS S3 leaks, Zerodium’s bounty on messaging app zero days, Ropemaker, and cobot vulnerabilities.
Personal and business data belonging to Boston area meeting and hotel booking provider Groupize was discovered in a publicly accessible Amazon Web Services S3 bucket, which has since been locked down.