Latest data leak news

Indian gov flaws allowed creation of counterfeit driving licenses

28 February 2023: Armed with personal data fragments, a researcher could also access 185 million citizens’ PII

Password managers part II

27 February 2023: A rough guide to enterprise secret platforms

Password manager security

14 February 2023: Which is the right option for me?

Deserialized roundup

10 February 2023: KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack

Toyota seals backdoor

07 February 2023: Calamity averted as carmaker secures supplier platform

Deserialized web security roundup

27 January 2023: ‘Catastrophic cyber events’, another T-Mobile breach, more LastPass problems

Popular password managers auto-filled credentials on untrusted websites

20 January 2023: Dashlane, Bitwarden, and Safari all cited by Google researchers

WAGO fixes config export flaw risking data leak from industrial devices

18 January 2023: Severity somewhat blunted by reboot-related caveat

Squaring the CircleCI

16 January 2023: DevOps platform publishes post-mortem on recent breach

CORS for concern

05 January 2023: Tesla tackles misconfigurations that left internal networks vulnerable

Password mismanagement

21 December 2022: Credential theft bug chain patched in Passwordstate

Bug Bounty Radar

01 December 2022: The latest bug bounty programs for December 2022

Ibexa DXP patched for GraphQL password hash leak

18 November 2022: Organizations advised to mandate password resets out of caution

Urlscan.io API unwittingly leaks sensitive URLs, data

02 November 2022: Public listings have made sensitive data searchable due to misconfigured third-party services

Bug Bounty Radar

01 November 2022: The latest bug bounty programs for November 2022

‘Cloud native’ security risks

07 October 2022: Research suggests that automation can prevent cloud control plane compromises

Nepxion software with Spring Cloud functions fails to patch RCE bug

03 October 2022: Maintainer of Chinese project closes public issue apparently without issuing a fix

Kubernetes cluster threat

28 September 2022: Rancher remediates risk created by secrets stored in plaintext

Parse Server fixes brute-forcing bug that put sensitive user data at risk

20 September 2022: Open source project provides push notification functionality for iOS, macOS, Android, and tvOS

Uber hack

16 September 2022: Social engineering attack uncovers hardcoded secrets in PowerShell script

WordPress warning

08 September 2022: 140,000 BackupBuddy installations on alert over file-read exploitation

Bug Bounty Radar

02 September 2022: The latest bug bounty programs for September 2022

Legitimate hacking activities under UK law proposed by ‘expert consensus’

16 August 2022: Contentious edge case activities are no excuse for further delaying ‘much overdue’ reform, say campaigners

Losing track

15 August 2022: Healthcare provider issues data breach warning after tracking pixels sent patients’ data to Meta

Bug bounties and data privacy

12 August 2022: Make sure your security bug bounty program doesn’t create a data leak of its own

Black Hat Arsenal

11 August 2022: Deliberately vulnerable cloud infrastructure is a pen tester’s playground

CompleteFTP

01 August 2022: Path traversal flaw allowed attackers to delete server files

GitHub Actions

29 July 2022: Workflow flaws provided write access to projects including Logstash

Bug Bounty Radar

29 July 2022: The latest bug bounty programs for August 2022

Supply chain costs

27 July 2022: One in five breaches due to third-party compromise, report warns

MDM hijack threat

26 July 2022: FileWave authentication bypasses expose managed devices to takeover risk

Cloud fax

26 July 2022: Company claims healthcare pros are ditching email for ‘more secure’ fax

Breaking the chain

22 July 2022: Zyxel firewall vulnerabilities left business networks open to abuse