Breaches and leaks

  • An unsecured web server was exposing personal information of 120 million Brazilians, showing their equivalent of social security numbers, bank accounts, addresses, loans and more: link.
  • Google found another security vulnerability in Google+, impacting 52 million people. Because of this, the planned shutdown date for the service was moved up by four months.
  • Cape Cod Community College: $800,000 was taken from their bank accounts after a series of phishing attacks.
  • Not really a breach, but an unsecured MongoDB instance was found online with scraped LinkedIn information of over 66 million individuals. It's not known whom the database belongs to. link.
  • Humble Bundle: Also not really a breach, but they discovered that an attacker abused a bug to enumerate subscription statuses of a number of customers. Even though no personal data was leaked they still disclosed very responsibly.
Dieter Van der Stock

Patch all the things \o/

  • Microsoft had its Patch Tuesday, fixing 39 vulnerabilities, 10 of which are rated critical, and two of which are actively being exploited.
  • Adobe did its thing too on Patch Tuesday, fixing no fewer than 87 vulnerabilities in Acrobat and Reader, several of which are critical.
  • WordPress released an update for its 5.0 branch, fixing several vulnerabilities and a bug that allowed Google to index sensitive pages.