threat updates
EUROPE
An unsecured database has exposed the sensitive data of
British consultancy firms.
vpnMentor’s research team discovered the breach and
found that the information belonged to the firms as well as
thousands of British professionals.
The files were found to be stored on Amazon Web
Services (AWS) S3 bucket which requires users to
implement their own security.
Peter Draper, Technical Director, EMEA at Gurucul,
commented: “The situation of today’s digital world is that
an increasing volume of personally identifying information
is being harvested whenever we interact with organisations
online. Legitimate companies can collect data about us
from sources all over the Internet and then combine that
data into detailed profiles which they can then sell. If
this data isn’t strongly secured, and it often isn’t, this
information can easily end up on the dark web.”
GLOBAL
It has been reported that multiple
vulnerabilities have been found within
smartphone video sharing app, TikTok,
which it now says have been fixed. The
vulnerabilities had the potential to allow
hackers to manipulate content and extract
personal data, according to Israeli-based
cybersecurity company, Check Point.
Researchers found that it was possible to
spoof text messages to make them appear
to have come from TikTok. Once a user
clicked the fake link, a hacker would have been
able to access parts of their TikTok account, which
meant having the power to upload and delete videos
and change settings on existing videos from public
to private. The researchers also found that TikTok’s
infrastructure was unsecure as it would have allowed a
hacker to redirect a hacked user to a malicious website
that looked like TikTok’s homepage.
www.intelligentciso.com
|
Issue 22
25