Latest breach publications
Popular virtual private network service NordVPN confirmed one of its rented data centre servers suffered a breach in March 2018.
In an announcement posted on the company’s website Monday, the VPN provider revealed an attacker accessed the server at a Finland data centre by exploiting the data centre provider’s remote management system, which the company was unaware existed.
NordVPN, which deals with highly sensitive and private activity logs, was quick to reassure its 12 million customers:
“The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either,” the company wrote.
An unencrypted Elasticsearch database containing millions of fingerprints, facial recognition information, unencrypted usernames and passwords, and personal information on employees has been discovered by researchers. The database belongs to Biostar 2, a biometric security platform recently integrated into AEOS, an access control system used by the UK Metropolitan Police.
Stockpile of Honda internal system data found on unsecured Elasticsearch database A security researcher has found an unsecured Elasticsearch database belonging to Honda Motor Company containing 134 million rows of internal network and employee computer data. Justin Paine, the researcher who discovered the database on 4 July on Shodan, said the 40GB database “appeared to… Read More
Large amount of personal data stolen in phishing attack Lancaster University has been struck by a ‘sophisticated and malicious phishing attack’ affecting the data of students and applicants, the University revealed. In a posting on its website, the University said it detected the breach on Friday and has reported the incident to law enforcement agencies,… Read More
Cybersecurity researchers have uncovered a Chinese state-sponsored cyber attack against Norwegian cloud software provider Visma, which says no client data was affected Chinese intelligence breached the network of Norwegian software firm Visma in an attempt to steal secrets from its clients, according to a new report published by Rapid7 and Recorded Future, two US cybersecurity… Read More