Noam Rotem and Ran Locar of vpnMentor’s research team recently discovered an unsecured and unencrypted online database. This database belongs to AutoClerk, a reservations management system. Best Western Hotels and Resort Group had just bought AutoClerk prior to this discovery. The total size of the database was over 179GB of data. Exposed data includes sensitive information, …
DoorDash Supply-Chain Attack
DoorDash is a popular food delivery service – and very convenient if I say so myself. However, in the seemingly never-ending trend of cyber attacks, DoorDash, too, fell victim to a supply-chain attack. Earlier this month, DoorDash identified unusual activity via a third-party service. They immediately launched an investigation and have consulted with outside …
GearBest Data Leak – Security Byte
GearBest is a semi-popular, discount, electronics e-commerce site in China. Though not everyone uses it, it's popular in some regions for its remote control (RC) and drone products, and I use it myself. According to the VPNMentor security research team, many of GearBest’s user and order databases are openly available online, leaking everything from your email and address to …
Carbon Black Data Leaks – A Good Reminder to Protect Keys
A security firm published a blog post today explaining how they compromised an endpoint security system. The vendor, Carbon Black, responded in a blog post explaining that this feature is off by default and customers receive a warning when they turn it on. Setting aside the topic of responsible disclosure for the moment, take a look at this statement in the research firm’s …
SocNet Data Breaches – Daily Security Byte EP. 266
With the number of data breaches in the headlines lately, it's easy to get overwhelmed with yet another user record or password leak. Nonetheless, if you've ever been a Myspace or Tumblr user, you should pay attention to the headlines at least long enough to change your passwords. In today's video, I share the impact of two social network data leaks. (Episode Runtime: …