News

Microsoft last December misconfigured five Elasticsearch servers – each one containing the same data set of 250 million customer support records – leaving their information publicly exposed on the internet, according to researchers. The data leak was detailed today in a blog post by pro-consumer website Comparitech and separately disclosed in a Microsoft Security Response Center (MSRC) blog post. Source: SC Magazine

Operated by Lawyers for Liberty, the website appears to have been blocked in Singapore following an order issued after the human rights group failed to comply with a previous correction directive. The group has sued the Singapore government over the order. Source: ZD Net

The new BitPyLock ransomware seems to have stepped up its game, going from targeting individual workstations to spreading to the network in a file-stealing spree. Discovered at the beginning of the month by MalwareHunterTeam, the bug has claimed new victims almost daily. Interestingly, the ransom notes have already evolved to reflect the progressively ambitious aims of threat actors, who are now attempting to steal data before encrypting the machines in order to use it as...

Misconfigured Microsoft cloud databases containing 14 years of customer support logs exposed 250 million records to the open internet for 25 days. The account info dates back as far as 2005 and is as recent as December 2019 — and exposes Microsoft customers to phishing and tech scams. Microsoft said it is in the process of notifying affected customers. The Comparitech security research team said that it ran across five Elasticsearch servers that had been...

In a data breach notification letter to customers, The UPS Store has disclosed that an unauthorized party successfully devised a phishing scheme to gain entry into the email accounts of numerous store locations. The breach exposed information contained within documents that customers emailed to stores for printing and related services, the San Diego-based subsidiary of UPS explained in its communication. In addition to names, this info included government-issued identification and financials, said Jenny Robinson, The UPS Store’s...

Over 2,000 Wordpress sites have been hacked to fuel a campaign to redirect visitors to scam sites containing unwanted browser notification subscriptions, fake surveys, giveaways, and fake Adobe Flash downloads. This hacking campaign was discovered by website security firm Sucuri who detected attackers exploiting vulnerabilities in Wordpress plugins during the third week of January 2020. Sucuri researcher Luke Leak told BleepingComputer that some of the vulnerable plugins seen being exploited are the "CP Contact Form with PayPal" and the "Simple...

Maze ransomware operators have infected computers from Medical Diagnostic Laboratories (MDLab) and are releasing close to 9.5GB of data stolen from infected machines. The actor also followed through with leaking another cache of files belonging to another of its victims that did not pay the ransom, Southwire wire and cable manufacturer from Carrollton, Georgia. This action was prompted by the company's refusal to pay a ransom of 200 bitcoins (a little over $1.7 million today) that...

The attackers behind the Sodinokibi Ransomware are now threatening to publish data stolen from another victim after they failed to get in touch and pay the ransom to have the data decrypted. Sodinokibi claims that this data was stolen from GEDIA Automotive Group, a German automotive supplier with production plants in Germany, China, Hungary, India, Mexico, Poland, Hungary, Spain, and the USA. GEDIA also has over 4,300 employees all around the world and it had an annual turnover of €600 million...

Today Onapsis, the leader in business application protection has just announced the exciting addition of Dave DeWalt to its board of directors. This announcement follows a record year, highlighted by 157% year-over-year growth in new annual recurring revenue, 257% growth in expansion revenue, and 90% gross retention rate. Onapsis’ customer base now totals 300+ global enterprises that include more than 20% of Fortune 100 companies, six of the top 10 automotive companies, five of the...

Security research company Comparitech.com recently made a discovery of 250 million Microsoft records which were exposed on the web. The specific form that this data took was Customer Service and Support records (CSS), which includes customer email addresses, IP addresses and locations as well as descriptions of the CSS claims and cases, and the email addresses of Microsoft employees. The research team led by security researcher Bob Diachenko discovered five Elasticsearch servers where the information...