New Breaches

Blacklist Alliance

  • A California-based organization that helps telemarketing companies avoid lawsuits for unsolicited calls exposed some of its internal files to the internet.
  • Thousands of documents, emails, spreadsheets, images and the names tied to countless mobile phone numbers all could be viewed or downloaded without authentication from the domain theblacklist.click.
  • The exposed files also included the phone numbers of those who've filed complaints about unsolicited telemarketing.
  • The directory also included all 388 Blacklist customer API keys, as well as each customer’s phone number, employer, username and password.

KreditPlus

  • The Indonesian company had a data breach exposing nearly 1.3 million accounts.
  • The breach contained a large amount of financial and personal information, including names, family makeup, income, employment information and more.

TrueFire

  • A breach dating back to February has just been exposed.
  • 600,000 accounts were compromised.
  • The data includes personal information, account balances, physical addresses and passwords.

Microsoft Paid $13.7M in Bug Bounty Rewards in 2019-2020

  • Microsoft has awarded security researchers a total of $13.7 million in bug bounties.
  • That is more than three times the $4.4 million it paid out last period.
  • Between July 1, 2019, and June 30, 2020, Microsoft received 1,226 eligible vulnerability reports.
  • Awards went to 327 security researchers across six continents.
  • Its largest award in this time frame totaled $200,000.
  • In addition to running 15 bounty programs last year, Microsoft outlined that there has been a huge increase in vulnerability reports since the COVID-19 health crisis.

Source Microsoft

Cloudflare reports DDoS Attacks Doubled in Q2 Compared with Prior Quarter

  • The number of network-layer distributed denial-of-service (DDoS) attacks doubled last quarter compared with the previous three months.
  • Between April and June, Cloudflare observed an increase in the number of both small and large DDoS attacks.
  • Security researchers have reported similar increases in phishing, ransomware, and other attacks in the months since the COVID-19 pandemic began.
  • The United States received the largest share of attacks (22.6%), followed by Germany (4.4%), Canada (2.7%) and Great Britain (2.6%).
"The trends that we saw in first-quarter 2020 of increasing DDoS attacks continued and even accelerated over the last few months. The number of Layer 3/Layer 4 DDoS attacks observed over our network doubled compared to that in the first three months of the year,"
John Graham-Cumming, CTO at Cloudflare.
  • 88% of attacks involving more than 100 Gbit/s of DDoS traffic were launched after COVID-19-related shelter-in-place mandates went into effect.
  • The biggest attack that Cloudflare mitigated last quarter peaked at 754 million packets per second and lasted 4 days.

Source Cloudflare

Cloud breaches are predicted to continue to grow in Accurics report

  • Compromised cloud storage services led to the exposure of 845 GB of information from at least eight popular dating apps, containing highly personal and sensitive data.
  • Misconfigured cloud storage services were commonplace, appearing in 93% of the cloud deployments that were analyzed.
  • Hardcoded private keys were found in 72% of deployments. 41% of hardcoded keys had high privileges.
  • Specifically, one in two deployments had unprotected credentials stored in container configuration files, which is worrisome given that 84% of organizations are using containers.
  • Only 4% of issues that are detected are actually addressed.

Source Accurics