8Belts exposes personal data of 100,000 e-learners globally

By Deeba Ahmed 8Belts database was hosted on a misconfigured Amazon Web Services AWS S3 bucket. This is a post from HackRead.com Read the original post: 8Belts exposes personal data of 100,000 e-learners globally...

Joomla Resources Directory (JRD) Portal Suffers Data Breach

Joomla, one of the most popular Open-source content management systems CMS, last week announced a new data breach impacting 2,700 users who have an account with its resources directory JRD website, i.e., resources.joomla.org. The breach exposed affected users' personal information, such as full...

Composr CMS 10.0.30 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Title: Composr CMS 10.0.30 - Persistent Cross-Site Scripting Author: Manuel Garcia Cardenas Vendor: https://compo.sr/ CVE: N/A ============================================= MGC ALERT 2020-001 - Original release date: February 06, 2020 - Last...

Brazil's Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users

Brazil's biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers' personal and payment-related information publicly accessible online that could have been accessed by anyone without authentication. SafetyDetective researcher Anurag Sen last month discovered two...

keycloak: problem with privacy after user logout

A flaw was found in Keycloak. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section...

Data privacy law updates eyed by Singapore

In early 2019, Singapore’s data privacy regulators proposed that the country’s data privacy law could use two new updates—a data breach notification requirement and a right of data portability for the country’s residents. The proposed additions are commonplace in several data privacy laws around...

Hackers Leak Biopharmaceutical Firm's Data Stolen in Ransomware Attack

The Clop ransomware group attacked biopharmaceutical company ExecuPharm and reportedly leaked some of the company’s compromised data on underground forums. ExecuPharm, a Pennsylvania-based subsidiary of the U.S. biopharmaceutical giant Parexel, provides clinical trial management tools for...

Small Businesses Tapping COVID-19 Loans Hit with Data Exposure

A data breach at the agency in charge of providing financial relief to small businesses during the COVID-19 crisis may have exposed sensitive information of 8,000 business that applied, and may delay payouts, a government official said. The Small Business Administration SBA, which oversees the...

44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig

Key Ring, creator of a digital wallet app used by 14 million people across North America, has exposed 44 million IDs, charge cards, loyalty cards, gift cards and membership cards to the open internet, researchers say. The Key Ring app allows users to upload scans and photos of various physical...

GDPR: An impact around the world

A little more than one month after the European Union enacted the General Data Protection Regulation GDPR to extend new data privacy rights to its people, the governor of California signed a separate, sweeping data protection law that borrowed several ideas from GDPR, sparking a torch in a...

SUSE-SU-2020:0721-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: MozillaThunderbird was updated to 68.6.0 ESR MFSA 2020-10 bsc1166238 - CVE-2020-6805: Fixed a use-after-free when removing data about origins - CVE-2020-6806: Fixed improper protections against state confusion - CVE-2020-6807: Fixed a...

Hackers Compromise T-Mobile Employee' Email Accounts and Steal User' Data

If you are a T-Mobile customer, this news may concern you. US-based telecom giant T-Mobile has suffered yet another data breach incident that recently exposed personal and accounts information of both its employees and customers to unknown hackers. What happened? In a breach notification posted o...

Mobile malware evolution 2019

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Figures of the year In 2019, Kaspersky mobile products and technologies detected: 3,503,952 malicious installation packages. 69,777 new mobile banking Trojans...

MGM Grand Breach Leaked Details of 10.6 Million Guests Last Summer

A hacking forum this week published details of more than 10.6 million guests who stayed at MGM Resorts, the result of a breach due to unauthorized access to a cloud server that occurred at the famous Las Vegas hotel and casino last summer. The incident—revealed in a published report on ZDNet...

Privacy Experts Skeptical of Proposed Data Protection Agency

A new federal bureaucracy, the Data Protection Agency DPA, has been proposed to completely revamp how the U.S. government regulates data collection and misuse by big tech companies. However, while privacy experts call the agency a “good first step,” they remain skeptical about how effective it...

App Used by Israel's Ruling Party Leaked Personal Data of All 6.5 Million Voters

An election campaigning website operated by Likud―the ruling political party of Israeli Prime Minister Benjamin Netanyahu―inadvertently exposed personal information of all 6.5 million eligible Israeli voters on the Internet, just three weeks before the country is going to have a legislative...

Active PayPal Phishing Scam Targets SSNs, Passport Photos

A recently uncovered phishing campaign, targeting PayPal users, pulls out all the stops and asks victims for the complete spectrum of personal data – even going so far as to ask for social security numbers and uploaded photos of their passports. The campaign starts with a fairly run-of-the-mill...

U.S. Charges 4 Chinese Military Hackers Over Equifax Data Breach

The United States Department of Justice today announced charges against 4 Chinese military hackers who were allegedly behind the Equifax data breach that exposed the personal and financial data of nearly 150 million Americans. In a joint press conference held today with the Attorney General Willi...

Critical Android Bluetooth Bug Enables RCE, No User Interaction Needed

A critical vulnerability in the Bluetooth implementation on Android devices could allow attackers to launch remote code execution RCE attacks – without any user interaction. Researchers on Thursday revealed further details behind the critical Android flaw CVE-2020-0022, which was patched earlier...

When Your Used Car is a Little Too ‘Mobile’

Many modern vehicles let owners use the Internet or a mobile device to control the car's locks, track location and performance data, and start the engine. But who exactly owns that control is not always clear when these smart cars are sold or leased anew. Here's the story of one former electric...