Search results for: chris vickery

Facepalm

LocalBlox found leaking info on tens of millions of individuals

LocalBlox, a US-based data technology company that “crawls, discovers, extracts, indexes, maps and augments data in a variety of formats from the web and from exchange networks” and ties it all together to create profiles on individuals that contain personal, business and consumer data for marketing purposes, has been found leaking information on tens of millions of individuals. The discovery was made by UpGuard researcher Chris Vickery, who stumbled upon the unsecured Amazon Web Services … More

talk speak speaker

Week in review: iOS phishing, and three reasons to secure your data now

Here’s an overview of some of last week’s most interesting news and articles: Inventive cyber gang steals millions from East European banks Trustwave researchers have uncovered a series of ingenious bank heists that cost several Eastern European and Russian banks up to $10 millions each, and they believe financial institutions in European, North American, Asian and Australian regions could be targeted with the same within the next year. Hackers use organizations’ resources for stealthy cryptocurrency … More

Accenture

Accenture inadvertently exposes highly sensitive corporate, client data online

Corporate consulting giant Accenture left bucketloads of sensitive corporate and client data exposed online for anyone to access. Luckily for them, it seems that UpGuard director of cyber risk research Chris Vickery was the only one who stumbled upon it. Publicly accessible and downloadable data He discovered the four unsecured AWS S3 storage buckets on September 17, and notified the company the next day. Accenture moved to secure the storage servers the day after. “All … More

Power lines

How a port misconfiguration exposed critical infrastructure data

Much has already been said and written about the dangers of potential cyber attacks targeting the electric/power grid. And in Ukraine, they’ve already gone from theoretical scenarios to actual attacks. More limited attacks hitting companies’ electrical systems are also possible, especially when information that provides insight into those systems’ weak points is freely accessible online. If you think that such a thing is unlikely, you probably haven’t yet heard about the most recent discovery made … More

cloud binary

Dow Jones customer data exposed due to cloud misconfiguration

US-based publishing and financial information firm Dow Jones & Company is the latest casualty of a cloud database misconfiguration error. In late May, UpGuard’s Chris Vickery discovered an Amazon S3 cloud-based data repository accessible to AWS authenticated users under the subdomain “dj-skynet.” Further analysis tied the bucket to Dow Jones. “The exposed data repository (…) had been configured via permission settings to allow any AWS ‘Authenticated Users’ to download the data via the repository’s URL. … More

abstract, generic

Week in review: Acunetix 11 review, BEC scams exposed, innovation and cybercrime

Here’s an overview of some of last week’s most interesting news and articles: 751 domains hijacked to redirect visitors to exploit kit An unknown attacker has managed to modify the name servers assigned to 751 domains, which resulted in some visitors to the hijacked domains being redirected to a site hosting the Rig Exploit Kit and delivering the Neutrino Bot. Getting the most out of your SIEM investment The challenge is SIEM systems are inherently … More

Verizon

Exposed Verizon customer data could be a shortcut for hijacking many online accounts

Chris Vickery, director of cyber risk research at UpGuard, has discovered more sensitive information exposed on an unprotected “bucket” on an Amazon AWS server. This time it includes – among other things – the names, phone numbers, and account PINs of some 14 million Verizon customers. The information was used and should have been secured by Nice Systems, an Israel-based company that has been contracted by Verizon to improve its customer service. “Verizon provided the … More

vote

Sensitive data on 198 million US voters exposed online

For at least two whole weeks, a database containing information on 198 million potential US voters – more than half of the American population – lay exposed on the internet, accessible to anyone who stumbled upon it while looking for unsecured assets. Who’s data is it, and who left this data exposed? All in all, between June 1 and June 14, some 25 terabytes of data was exposed, and of these 1.1 terabytes were available … More

Facepalm

Intelligence data, security credentials found exposed in the Amazon cloud

A data cache containing highly sensitive US military data has inadvertently been exposed online, UpGuard cyber risk analyst Chris Vickery has discovered last week. After downloading and analyzing the data, he tied it to the US National Geospatial-Intelligence Agency (NGA), and guessed that it likely belonged to private intelligence contractor Booz Allen Hamilton. The contents of the cache Located on an unsecured, publicly accessible Amazon server, the repository included some 60,000 files that, among other … More

World-Check

World-Check crime and terror database exposed online

Security researcher Chris Vickery, who has become well-known for unearthing databases that should not be accessible via the Internet but are, has found another one that contains old data from Thomson Reuters’ World-Check database of politically exposed persons and heightened risk individuals and organizations. World-Check is used by 49 of the 50 biggest banks, 9 of the top 10 global law firms, and over 300 government and intelligence agencies around the world. It lists over … More

magnify

Week in review: Hackers targeting healthcare, new issue of (IN)SECURE

Here’s an overview of some of last week’s most interesting news and articles: Exfiltrating data from air-gapped computers by modulating fan speed For the last few years, researchers from Ben-Gurion University of the Negev have been testing up new ways to exfiltrate data from air-gapped computers: via mobile phones, using radio frequencies (“AirHopper”); using heat (“BitWhisper”), using rogue software (“GSMem”) that modulates and transmits electromagnetic signals at cellular frequencies. The latest version of the data-exfiltration … More

USA flag

154 million US voter records exposed following hack

MacKeeper security researcher Chris Vickery has discovered yet another database containing voter profiles of US citizens, accessible to anyone who stumbled upon it or knew where to look. This one contains records on 154 million voters, which include their name, address, phone number, age, gender, marital status, estimated income, political party, congressional and state senate district affiliation. Some of the records also contained information about the voters’ marital status, whether they had children or owned … More