Bleeping Computer

Bing search results hijacked via misconfigured Microsoft app

A misconfigured Microsoft application allowed anyone to log in and modify Bing.com search results in real-time, as well as inject XSS attacks to potentially breach the accounts of Office 365 users.

English learning app used by Sony and Paramount put millions of users at risk

Five million Japanese have had their recordings leak to the internet ...
Threat Post

Wegmans Exposes Customer Data in Misconfigured Databases

Cleanup in aisle “Oops”: The supermarket chain said that it misconfigured two cloud databases, exposing customer data to public scrutiny. Wegmans Food Markets ...
Bleeping Computer

Misconfigured JIRA Servers Leak Info on Users and Projects

Misconfigured Jira servers from big names in the tech industry exposed information about internal projects and users that could be accessed by anyone with a good command of advanced search operators.
Forbes

Misconfigured Security Controls Threaten The Security Of Your Business

Oren is CPO and Co-Founder of Veriti, a consolidated security platform that maximizes the value of existing security stacks. There’s an overarching misconception among many organizations that if they ...
SiliconANGLE

Misconfigured access controls expose sensitive data on Oracle NetSuite websites

A new report out today from software-as-a-service security management company AppOmni Inc. is warning of an issue in Oracle NetSuite’s SuiteCommerce platform that could allow attackers to access ...
ZDNet

Researchers Find New Attack Vector Against Kubernetes Clusters

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...
Threat Post

Misconfigured Docker Servers Under Attack by Xanthe Malware

The never-before-seen Xanthe cryptomining botnet has been targeting misconfigured Docker APIs. Researchers have discovered a Monero cryptomining botnet they call Xanthe, which has been exploiting ...
Dark Reading

Misconfigured Databases Targeted Hours After Deployment

Misconfigured databases are subject to attack hours after they appear online, Comparitech researchers report. The team sought to learn more about how attackers target poorly secured cloud databases, ...
VentureBeat

Lightspin: 46% of AWS S3 buckets could be misconfigured and unsafe

Cloud misconfigurations expose organizations to significant risk, according to a new analysis of Amazon Web Services (AWS) Simple Storage Service (S3) buckets conducted by Lightspin, a cloud security ...
ZDNet

Misconfigured, old Airflow instances leak Slack, AWS credentials

On Monday, Intezer malware analyst Nicole Fishbein and cybersecurity researcher Ryan Robinson said the instances, vulnerable to data theft, belong to industries including IT, cybersecurity, health, ...