A curated list of the top stories of the week concerning data leaks and digital threats.
By David Bisson, April 30, 2019, TripWire
Security researchers found an unprotected database stored on the cloud that contained 24 GB of information pertaining to 80 million U.S. households–more than half of the total number of American homes. Digital criminals can abuse this information to commit identity theft, stage phishing attacks, infect individuals exposed in the data leak with ransomware, collect data for future attacks, and even burglarize their homes.
By Catalin Cimpanu, April 27, 2019, ZDNet
Docker Hub, the official repository for Docker container images, discovered unauthorized access to a single Hub database storing a subset of non-financial user data, exposing 190,000 users.
By Joseph Cox, April 30, 2019, MotherBoard
Hackers have broken into CityComp, a Germany-based internet infrastructure firm that provides services to dozens of the world’s largest and most valuable companies, including Oracle, Volkswagen, and Airbus. The company has been hacked and blackmailed, and the attack is ongoing.
By Sergiu Gatlan, May 1, 2019, Bleeping Computer
A publicly accessible Elasticsearch database discovered on March 27 exposed various types of personally identifiable information (names, addresses, dates of birth, etc.) and medical info of more than 100,000 individuals. The leaked data belonged to SkyMed, a company which has provided medical emergency evacuation services for about 30 years.
By Zeljka Zorz, May 2, 2019, HelpNet Security
Attackers are actively exploiting recently fixed vulnerabilities in Oracle WebLogic and Atlassian Confluence to deliver ransomware, mine cryptocurrency, and make compromised machines participate in DDoS attacks.