Threat Post

The personal data of 66,000 users was left wide open on a misconfigured Elasticsearch server, joining a growing list of companies with leaky clouds.

Cook County, Ill., home to Chicago, has left a database exposed since at least September that contained sensitive criminal and family-court records.

An unmonitored account belonging to a deceased employee allowed Nefilim to exfiltrate data and infiltrate systems for a month, without being noticed.

Hackers masquerade as security researchers to befriend analysts and eventually infect fully patched systems at multiple firms with a malicious backdoor.

A security flaw in TikTok could have allowed attackers to query query the platform's database – potentially opening up for privacy violations.

Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black, talks about the top security challenges facing the US government as a new presidential administration steps in.

Ajit Pai says Chinese telecom companies ‘biggest national security threat’ for regulators in exit interview.

The ShinyHunters hacking group offer a raft of information, from location and contact info to dating preferences and bodily descriptions, as a free download.

The high-severity security vulnerability (CVE-2021-1257) allows cross-site request forgery (CSRF) attacks.

The security vendor is investigating potential zero-day vulnerabilities in its Secure Mobile Access (SMA) 100 series.

The new tools on Chrome and Edge will make it easier for browser users to discover - and change - compromised passwords.

The "KindleDrip" attack would have allowed attackers to siphon money from unsuspecting victims.

A former ADT employee pleads guilty of accessing customers’ cameras so he could spy on them.

The CursedGrabber malware has infiltrated the open-source software code repository.

Up to 4,000 stolen files have been released by hackers who launched a ransomware attack against the Scottish Environmental Protection Agency on Christmas Eve.

Netscout researchers identify more than 14,000 existing servers that can be abused by ‘the general attack population’ to flood organizations’ networks with traffic.

Einstein is in violation of the the HHS 60-day breach notification rule, but unlikely to face penalty.

Researchers have traced the origins of a campaign - infecting SQL servers to mine cryptocurrency - back to an Iranian software firm.

Researchers warn that attackers are collecting reconnaissance for future business email compromise attacks using Google Forms.

A phishing campaign spoofs Xerox notifications to lure victims into clicking on malicious HTML attachments.