Breaches and leaks

  • Twitch: the streaming service had an issue where the message archives that users could request contained messages that belonged to other users.
  • UK government: they had a number of public Trello boards exposing sensitive information.
  • GOMO: a Chinese mobile app developer exposed data of over 50 million users, many of whom are children.
  • Augusta University Health: a phishing attack, which happened in 2017, is now known to have exposed information of over 400,000 students and patients.
  • Sitter: the babysitting app had an unsecured MongoDB server exposing user data and messages.
  • SuperProf: facepalm time on this one. The tutoring site migrated users from a recently acquired company, resetting all passwords to 'super' + their first name, making it pretty damn easy to guess what everyone's new password was.
Dieter Van der Stock

Update all the things \o/

  • Linux kernel: two vulnerabilities that could trigger DoS attacks, dubbed "SegmentSmack" and "FragmentSmack", were fixed.
  • Microsoft has its Patch Tuesday, fixing 60 vulnerabilities, including 2 zero-days.
  • Adobe fixes things in Flash, Acrobat and Reader.
  • Airmail 3 for Mac: A vulnerability where files and e-mail could be exfiltrated just by sending a malicious e-mail. The article says otherwise, but looking at the site a fix seems to have been pushed out.
Dieter Van der Stock