Kartikay Mehrotra of Bloomberg reports: A vulnerability in Microsoft Inc.’s cloud database system left data at thousands of clients exposed to potential cyberattacks for about two years, according to the Israeli cybersecurity firm that discovered the bug. More than 3,300 of the software giant’s customers were exposed to a flaw in its Azure Cosmos DB…
Category: Business Sector
T-Mobile CEO apologizes for data breach, announces security partnership with Mandiant
J. Bonaficic reports: T-Mobile says it’s “truly sorry” about the data breach that exposed the personal information of more than 54 million customers. “The last two weeks have been humbling for all of us at T-Mobile as we have worked tirelessly to navigate a malicious cyberattack on our systems,” the carrier said in an update on the…
Alibaba Cloud data leak ‘violated Cybersecurity Law’ in 2019 and must rectify, local Chinese telecoms regulator says
Coco Feng reports: The telecoms authority of China’s eastern Zhejiang province has told the cloud computing unit of Alibaba Group Holding that it violated the country’s Cybersecurity Law and should make rectifications following a complaint about a 2019 information leak. In a letter dated July 5, the Zhejiang Communications Administration (ZCA) said it found Alibaba Cloud “disclosed…
Federal Court Finds Article III Standing In Data Event Litigation But Dismisses Majority of Plaintiff’s Claims Under Rule 12(b)(6)
Katie Sharpless of Squire Patton Boggs writes: CPW previously has covered multiple decisions that address Article III standing requirements for pleading a claim in federal court. A recent decision out of a federal court in Missouri is an example of a Court finding that Plaintiff properly alleged facts to constitute standing in a data event…
By Design: How Default Permissions on Microsoft Power Apps Exposed Millions
The UpGuard Team writes: The UpGuard Research team can now disclose multiple data leaks resulting from Microsoft Power Apps portals configured to allow public access – a new vector of data exposure. The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee…
Poly Network confirms return of hacked funds
Teuta Franjkovic reports: The hacker who recently stole more than $600 million out of Poly Network in one of the biggest computer heists ever, has now handed over the private key for the remaining $141 million of looted cryptocurrency. […] In return, Poly Network is to honour a bounty of 161 Ether worth more than…