23 Android Apps Expose Over 100,000,000 Users' Personal Data
Misconfigurations in multiple Android apps leaked sensitive data of more than 100 million users, potentially making them a lucrative target for malicious actors. "By not following best-practices when configuring and integrating third-party cloud-services into applications, millions of users' private data was exposed," Check Point researchers said in an analysis published today and shared with The Hacker News. In some cases, this type of misuse only affects the users, however, the developers were also left vulnerable. The misconfigurations put users' personal data and developer's internal resources, such as access to update mechanisms, storage, and more at risk.
Watering Hole Attack Was Used to Target Florida Water Utilities
An investigation undertaken in the aftermath of the Oldsmar water plant hack earlier this year has revealed that an infrastructure contractor in the U.S. state of Florida hosted malicious code on its website in what's known as a watering hole attack. "This malicious code seemingly targeted water utilities, particularly in Florida, and more importantly, was visited by a browser from the city of Oldsmar on the same day of the poisoning event," Dragos researcher Kent Backman said in a write-up published on Tuesday.
The site, which belongs to a Florida-based general contractor involved in building water and wastewater treatment facilities, had no bearing on the intrusion, the American industrial cybersecurity firm said.
U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized
Just as Colonial Pipeline restored all of its systems to operational status in the wake of a crippling ransomware incident a week ago, DarkSide, the cybercrime syndicate behind the attack, claimed it lost control of its infrastructure, citing a law enforcement seizure.
All the dark websites operated by the gang, including its DarkSide Leaks blog, ransom collection site, and breach data content delivery network (CDN) servers, have gone dark and remain inaccessible as of writing. In addition, the funds from their cryptocurrency wallets were allegedly exfiltrated to an unknown account, according to a note passed by DarkSide operators to its affiliates.
Why Password Hygiene Needs a Reboot
In today's digital world, password security is more important than ever. While biometrics, one-time passwords (OTP), and other emerging forms of authentication are often touted as replacements for the traditional password, today, this concept is more marketing hype than anything else.
But just because passwords aren't going anywhere anytime soon doesn't mean that organizations don't need to modernize their approach to password hygiene right now.
The Compromised Credential Crisis
As Microsoft's security team put it, "All it takes is one compromised credential…to cause a data breach." Coupled with the rampant problem of password reuse, compromised passwords can have a significant and long-lasting impact on enterprise security.