Posts by Ryan Norfolk

The company behind one of India’s most popular travel booking sites exposed 43GB of customer and corporate data before it was deleted by the infamous “Meow” attacker, according to researchers. A team at SafetyDetectives led by Anurag Sen discovered an Elasticsearch server without password protection or encryption on August 10. It failed to get a…

Almost two-fifths (39%) of British business decision makers have sacked employees because they breached corporate security policy during the pandemic, according to new data from Centrify. The IAM specialist polled 200 UK respondents to find out more about how COVID-19 and mass remote working has impacted corporate cybersecurity. Over half (58%) of respondents admitted that employees…

Nearly a quarter (23%) of UK office workers rely on unauthorized devices to work from home, a new study by CybSafe has found. The research revealed that poor personal cybersecurity practices are commonplace amongst workers operating outside of corporate environments, which is worrying as home working is expected to become far more prevalent following the COVID-19 crisis. The…

Researchers have once again spotted crooks using calendar invitations to mount phishing attacks. The Cofense Phishing Defense Center found the attack in enterprise email environments protected by Proofpoint and Microsoft, it announced last week. The phishing scam uses iCalendar, which is a media type that lets users store and exchange calendaring and scheduling information, including events and tasks. iCalendar…

Over one million North American students have had their data exposed after a popular online learning platform left it in a publicly accessible cloud database, according to vpnMentor. Researchers from the firm claimed that the Elasticsearch database belonging to provider OneClass was left completely unsecured. The trove contained over 27GB of data, amounting to 8.9…

Inappropriate data sharing continues to be a problem for companies, according to a survey from data discovery and auditing software vendor Netwrix. Although most companies have designated secure storage areas for their data, many find it leaking into insecure areas, its research found. A quarter of companies have discovered data stored outside designated secure locations in the past…

More than a third of businesses do not have a ransomware emergency plan in place, or are not aware if one exists within their company. According to research from Ontrack of 484 organizations, 39% either did not have or were not unaware of a ransomware strategy, while 26% admitted they couldn’t access any working backups after an attack.…

Twitter has contacted its business clients to warn them of a potential breach of their data. It said that email addresses, phone numbers and the last four digits of card numbers may have been accessed by others, thanks to a technology snafu which exposed the information. It meant that billing information viewed on ads.twitter.com or…

The National Cyber Security Centre (NCSC) has announced that in just two months of its Suspicious Email Reporting Service being launched, it has received one million reports. According to a statement, the service, which was launched in April as part of the Government’s Cyber Aware campaign, receives a daily average of 16,500 emails. NCSC chief executive officer Ciaran Martin called the number…

Personal data of an estimated 100,000 social media influencers has been accessed and partially leaked following a breach at social media marketing firm Preen.Me, Risk Based Security has discovered. The same breach has also led to more than 250,000 social media users having their information fully exposed on a deep web hacking forum, leaving these individuals at risk…