A hacker or hacker group might have stolen healthcare data for more than half of Norway's population, according to reports in local press.
Details about two vulnerabilities in an adult-themed virtual reality (VR) application were available to the general public for five days before the vendor intervened and patched the security holes.
The US Department of Homeland Security (DHS) announced it suffered a data breach last year, during which data for over 247,000 DHS employees and individuals under DHS investigations was taken from a secure DHS database.
Two security researchers —Vangelis Stykas and Michael Gruhn— have published a report on a series of vulnerabilities that they named "Trackmageddon" that affect several GPS and location tracking services.
Similar vulnerabilities affect some Sonos and Bose smart speakers that allow hackers to take over devices, collect data on users, and even make devices to play desired audio tracks.
US data analytics provider Alteryx has left an Amazon S3 storage bucket exposed online, leaking the sensitive details of over 123 million US households in the process.
The details of over 19 million California voters were left exposed online in an unsecured MongoDB database and were later held for ransom, according to researchers from the Kromtech Security Center.
The US Department of Justice (DOJ) has formally charged a former NSA employee for taking classified documents home. The man, Nghia Hoang Pho, 67, of Ellicott City, Maryland, pleaded guilty today, according to court documents released by the DOJ.
A security researcher has identified thousands of Serial-to-Ethernet devices connected online that leak Telnet passwords that could be used to attack the equipment that is placed behind them.
Ten days after an Amazon S3 server exposed data from the US Army's CENTCOM and PACOM divisions, security researchers have identified another S3 server instance that leaked files from INSCOM, a joint US Army and NSA agency tasked with conducting intelligence, security, and information operations.
A security researcher revealed today he found three misconfigured Amazon S3 servers belonging to the US Department of Defense (DOD) containing 1.8 billion social media and forum posts made by users from all over the world, including many by Americans.
The takedown of three major Dark Web markets by law enforcement officials over the summer has driven many vendors of illegal products to set up their own shops that, in many cases, are not properly configured and are leaking the underlying server's IP address.
Following a long string of data leaks caused by misconfigured S3 servers, Amazon has decided to add a visible warning to the AWS backend dashboard panel that will let server admins know if one of their buckets (storage environments) is publicly accessible and exposing potentially sensitive data on the Internet.
Hackers can exploit exposed Amazon S3 buckets to carry out silent Man-in-the-Middle attacks or other hacks on a company's customers or internal staff.
Extortion can also be funny when it happens to the bad guys, and there's one extortion attempt going on right now that will put a big smile on your face.
Appleby, a Bermuda law firm that handles the finances for some of the world's richest people, admitted yesterday to a security breach that took place last year.
The Asia-Pacific Network Information Centre (APNIC), the organization that manages domain name information for the Asia-Pacific region, fixed on Monday an error that exposed password hashes needed to access and edit domain ownership details.
Even if a video streaming service is using HTTPS to encrypt its traffic, an attacker can still determine with a very high accuracy what content a user might be watching.
Security researchers, and what appears to be at least one hacker, have found an ElasticSearch server left exposed online that was hosting information about 1,133 National Football League (NFL) players and agents.
During the past year, there has been a surge in data breach reporting regarding Amazon S3 servers left accessible online, and which were exposing private information from all sorts of companies and their customers.