Noam Rotem and Ran Locar of vpnMentor’s research team recently discovered an insecure, unencrypted online database. The database belongs to AutoClerk, a reservations management system that Best Western Hotels and Resort Group had bought shortly before this discovery. The database held over 179GB of data. Exposed data includes sensitive information, …
PHP Laravel Users: Disable Debug Mode
A collaborative effort between Comparitech and security researchers Bob Diachenko and Sebastien Kaul revealed many web servers publicly exposing sensitive data. On October 17, 2019, Comparitech blogged about how the trio discovered over 700 websites using PHP’s Laravel framework on which website admins had failed to disable debug mode. Of the 700 websites, they estimate up to 20% of …
Linux Vulnerability: sudo Configuration File
Joe Vennix of Apple Information Security discovered a vulnerability in the ever-popular “sudo” command used on Linux systems. If you’re not aware of what sudo is used for, sudo allows non-administrative users (e.g., normal, unprivileged users) to execute commands as another user or, most commonly, as the superuser (i.e., root). This is sometimes necessary to have access …
You Hack Me, I Hack You
Is it ever appropriate to hack the hacker who hacked you? That is, is it ever right to hack back in retaliation? I’ll leave that question up to you, but technically it is still illegal. However, in one case a victim-turned-vigilante not only served their own justice but also shared some love with the impacted community. On October 10, 2019, HackRead released a story …
Healthcare Data Incident
In June 2019, The Methodist Hospitals, Inc. identified unusual activity within employee email accounts. They immediately started an investigation, working with third-party forensic investigators to assess the scope of the issue. On August 7, 2019, the investigation revealed that two employees had fallen victim to a phishing email that allowed an unauthorized actor access to …