Thomas Claburn reports: A website created for global consultancy Deloitte to quiz people on knowledge of hacking tactics has proven itself vulnerable to hacking. The site, found at the insecure non-HTTPS URL http://deloittehackeriq.com/, makes its YAML configuration file publicly accessible. And within the file, in cleartext, is the username and password for the site’s MySQL database….
Category: Business Sector
Club Fitness Provides Notice of Data Security Incident
A press release discloses a breach involving Club Fitness Holdings, Inc. (“Club Fitness”): On June 18, 2020, Club Fitness discovered a data security event that prevented access to data and programs on its network. Upon learning this, Club Fitness immediately began an investigation, and took action to secure and restore access to its network. Club Fitness…
Another Indian pharmaceutical giant reports cybersecurity breach within two weeks of ransomware hack on Dr Reddy’s
Prabhjote Gill reports: Another leading Indian pharmaceutical, Lupin, has reported a cybersecurity attack on its IT systems within two weeks of a ransomware attack on Dr Reddy’s Laboratories. “We have recently experienced an information security incident that has affected several of our internal IT systems. This has not impacted our core systems and operations,” Lupin…
Id: Fintech Cermati data breach points to urgency for data protection law: Experts
Eisya A. Eloksari reports: A recent data breach case involving fintech aggregator platform Cermati.com, the fifth known this year, again highlights the vulnerability of user data on digital platforms and the urgency of a personal data protection bill, experts have said. Data on almost 3 million users from fintech aggregator platform Cermati.com was leaked and sold online…
Configuration snafu exposes passwords for two million marijuana growers
Catalin Cimpanu reports: GrowDiaries, an online community where marijuana growers can blog about their plants and interact with other farmers, has suffered a security breach in September this year. The breach occurred after the company left two Kibana apps exposed on the internet without administrative passwords. Read more on ZDNet. h/t, @Chum1ng0
Folksam data breach leaks info of 1M Swedes to Google, Facebook, more
Sergiu Gatlan reports: Folksam, one of the largest insurance companies in Sweden, today disclosed a data breach affecting around 1 million Swedes after sharing customers’ personal info with multiple technology giants. The insurer discovered the data breach after an internal audit according to Jens Wikström, Head of Marketing and Sales at Folksam, and reported the incident to…