Open database with unprotected passwords discovered, COVID test results sent to wrong person and a defence against Zoombombing.

Welcome to Cyber Security Today. It’s Wednesday November 18th. I’m Howard Solomon, contributing reporter on cybersecurity for To hear the podcast click on on the arrow under:


More sloppy work by somebody engaged on a database. This time an worker at a Texas-based utility internet hosting supplier referred to as Cloud Clusters left a delicate database open to the web that anybody may have accessed. It held greater than 63 million data. The knowledge included usernames and passwords for accounts on the Magento e-commerce and WordPress publishing platforms. Other knowledge included backups and monitoring logs of IT techniques of shoppers. This blunder was discovered final month by a safety firm referred to as Secure Thought and a safety researcher and is just now being publicized. It isn’t identified how lengthy the database was open, however somebody may have copied it, used passwords to fraudulently get into firms and unfold malware, purchase merchandise or assault WordPress content material. Allowing any company database open to the web to be unprotected by a password is unhealthy safety. Holding any unencrypted passwords of both your individual firm or clients is absolutely unhealthy safety.

Speaking of unencrypted knowledge, there’s information that a short-term worker of the Delaware state public well being division twice by accident sent emails to the wrong person with information holding unencrypted COVID-19 test results of individuals. The emails had been supposed to go to one other division. The incident occurred in August however the state is just now admitting it. There are not any particulars of how the error occurred, however there are two prospects: Either the worker misspelled the title of the supposed recipient, or they hit the wrong title within the e-mail contact record. Fortunately no hurt was performed: The person who acquired the information reported the error and deleted the information. It may have been worse. Strangers realizing who has examined constructive for the virus may have tried extorting them. The Delaware well being division stated it has retrained workers on applicable e-mail insurance policies and procedures. Hopefully that included when information must be encrypted. It’s one other instance of why you’ve got to decelerate when studying, reacting to or sending emails.

Schließlich some mischief-makers take enjoyment of interrupting personal videoconferences if they will pay money for assembly passwords and URLs. Most not too long ago a web-based assembly of the Gonzaga University Black Student Union in Washington State wurde unterbrochen by jerks who uttered racial and homophobic slurs. This week Zoom introduced a new service aimed decreasing the chances of that taking place on its platform. When you arrange a videoconference hyperlinks ought to solely go to those that are invited or registered. But some members could submit the hyperlink to a good friend on a social media account like Facebook or Twitter. They assume the message is personal. But their account or their good friend’s will not be. If somebody unauthorized finds that hyperlink they will additionally take part. To struggle this Zoom now continually scans the web searching for publicly out there Zoom assembly hyperlinks. When it finds one it notifies the assembly administrator that the assembly is vulnerable to being infiltrated. The administrator can then determine if the assembly must be rescheduled, with higher safety.

That’s it for Cyber Security Today. Links to particulars about these tales are within the textual content model of every podcast at That’s the place you’ll additionally discover my information tales geared toward companies and cybersecurity professionals.

Cyber Security Today might be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing in your good speaker. Thanks for listening.

Would you advocate this text?

Thanks for taking the time to tell us what you consider this text!
We’d love to hear your opinion about this or another story you learn in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada

Verwandte Download
Sponsor: CanadianCIO

Cybersecurity-Gespräche mit Ihrem Board - Ein Überlebensleitfaden
Jetzt Herunterladen