Critical vulnerabilities of the week: Log4j still a thing

There isn't too much to report on the critical vulnerabilities front this week, but there is something interesting to note in the known exploited vulnerabilities that CISA cataloged this week: Another Log4j exploit is making the rounds. Looks like the Department of Homeland Security was right. This exploit is due to an incomplete fix applied to Apache Log4j that leaves room for attackers to exploit the vulnerability in certain non-default configurations.

Capita doesn't just get hacked – it also leaves its buckets open

Still reeling from the aftermath of a Black Basta break-in, London-based digital services firm Capita is now contending with a security researcher's allegation it left an AWS S3 bucket unsecured for seven years. The password-free bucket reportedly contained 3,000 files totaling 655GB – including software files, server images, spreadsheets, PowerPoint presentations and text documents, one of which the researcher said contained login details for one of Capita's systems. Filenames found in the bucket suggest it's still in use, too.

For T-Mobile customers wondering if they were affected, letters were mailed out on April 28, so if you haven't received one you're probably fine. T-Mobile also said that it reset account PINs for affected customers, so if you've had trouble with your account that might be why.

T-Mobile has had tens of millions of customer records compromised over the years. Its first reported breach was in 2018 when two million records were accessed along with hashed passwords, and a year later more than a million customers had their data exposed. March and December of 2020 brought an additional pair of breaches, followed by a whopping 48 million customer records posted to the dark web in 2021.