Compromised Data Page 1

The public account data of users of the free and open-source self-hosted social networking platform ‘Mastodon’ were exposed publicly after a misconfigured Elasticsearch server was found scraping these data and the users’ public posts. Over 150,000 Mastodon user information has already been exposed by the misconfigured Elasticsearch server, with researchers noting that these exposed data...Continue Reading

A study on Amazon Relational Database Services (Amazon RDS) shows that hundreds of its databases expose users’ personally identifiable information (PII), which could potentially provide threat actors with a resource for data compromise. Amazon Relational Database Services, or Amazon RDS, is a cloud-based web service that helps users set up relational databases in the AWS...Continue Reading

The big-time pharmaceutical organisation AstraZeneca has suffered password lapses that resulted in the online exposure of patient credentials for more than a year. Based on reports, a developer from the company left the credentials for an AstraZeneca internal server on the code-sharing platform GitHub last year. The credentials enabled access to a test Salesforce cloud...Continue Reading

A Microsoft data leak transpired last September 24, dubbed ‘BlueBleed,’ which the tech giant said was caused by a misconfigured server. The incident leaked customers’ sensitive data, including names, email addresses, phone numbers, company names, and other critical files. The tech giant also explained that the misconfiguration incident could allow malicious actors to have unauthenticated...Continue Reading

Intel’s 12th generation of Intel Core processors, Alder Lake, recently reported that its UEFI BIOS source code got leaked online. After several investigations, security analysts have confirmed this incident to be authentic, which raises concerns for many cybersecurity experts. The issue began when a Twitter user under the handle ‘freak’ posted links that they said...Continue Reading

Portugal’s Armed Forces General Staff agency has suffered a malicious attack that allegedly enabled threat actors to steal classified NATO documents. Reports said these stolen documents are now circulating in dark web marketplaces. The affected entity realised they experienced a cyberattack after an attacker published samples of the stolen documents on underground marketplaces, selling the...Continue Reading

A cybercriminal activity conducted by the Predatory Sparrow group resulted in publicly disclosed documents of numerous Iranian steel industries. The cybersecurity breach occurred last month and has exposed the first wave of critical documents on its Twitter profile. Moreover, the malicious threat group deployed a cache of approximately 20GB worth of essential data. Researchers enumerated...Continue Reading

A new strategy implemented by ransomware groups could force their victims into paying the ransom demands and not leak their stolen data. From the reports about these latest findings, the threat groups have added a search feature on their dark web leak site that allows anyone to find the group’s victims or specific details related...Continue Reading

An Australia-based maximum-security prison, Port Phillip Prison, had been attacked by unidentified threat actors demanding a ransom to drop the institution’s servers from the security breach. The cyberattack on Port Phillip Prison had forced its operators to suspend visiting hours while they were undergoing an investigation. Located at Truganina, Victoria in Australia, the prison institution...Continue Reading

Threat actors have been attempting to force an act of virtual revenge using a worm dubbed NightLion against a cybersecurity firm called Night Lion Security after they published writing that revealed the secrets of several hacking gangs. The researchers attributed Night Lion Security to a cyberattack campaign against organisations because the firm’s name was used...Continue Reading