Author: Admin

A misconfigured database has exposed what appears to be a major coordinated scheme by Amazon vendors to procure fake reviews for their products. At team at AV reviews site SafetyDetectives found the China-based Elasticsearch server exposed online without any password protection or encryption. The 7GB trove contained over 13 million records including the email addresses and WhatsApp/Telegram phone numbers of vendor contacts, plus email addresses, surnames, PayPal account details and Amazon account profiles of reviewers. According…

Expert discusses the importance of keeping internal computer credentials as safe as your passwords. The need for security never goes away. TechRepublic’s Karen Roby spoke with Robert Haynes of Checkmarx, a software security solution, about World Password Day, May 6, 2021. The following is an edited transcript of their conversation. SEE: Security incident response policy (TechRepublic Premium) Karen Roby: So, passwords are still a thing. Many thought that by this day and age they would…

The need for cybersecurity “never goes away,” expert says: World Password Day Length: 7:08 | May 6, 2021 More than just passwords, internal computer credentials must also be secured. Source link

Scientists find that blaming employees is counterproductive and suggest creating a safe environment for people to admit their mistakes and learn from them. One company already puts that into practice. Image: SvetaZi/Shutterstock Human error is not going away anytime soon, so we need to get past the blame game and figure out how to stop cyber bad guys. Thankfully, several behavioral scientists are working hard to accomplish this, including Amy C. Edmondson, the Novartis Professor…

Cybercriminals are currently enjoying a golden age, with the volume and severity of attacks growing constantly, and an ability to commit hostile acts with impunity. The EU, in its overhaul of cybersecurity laws dubbed NIS2, is committed to ensuring that what’s illegal offline should also be illegal online. For that to happen, cybersecurity researchers need to have access to all the tools possible to detect, trace and prevent crime online, including access to the Internet’s…

The maintainers of the Exim email server software addressed a collection of 21 issues, dubbed 21Nails, that can allow attackers to fully compromise mail servers. The maintainers of the Exim email server software have released security updates to address a collection of 21 vulnerabilities, dubbed 21Nails, that can be exploited by attackers to take over servers and access email traffic through them. Exim is a free mail transfer agent (MTA) used on Unix-like operating systems,…