Data Security Education

Blog, Data Security Education, spammers April 14, 2020

SMS Spam Operation Rebrands, Continues to Leak Customer Information

Earlier this year, I discovered that SMS marketing firm, Rocket Text (rocket-text.com), failed to secure its Mongo database exposing just over 63 million customer emails and phone numbers. Rocket Text, formerly known as ApexSMS, first…

Like this story? Please share it!

Blog, Data Breach, Data Security Education October 11, 2019

When Test Data is Not Test Data

There is a growing trend among organizations and companies to simply deny that live production data is real. As a security researcher I often hear that everyone is a small start-up and all data is…

Like this story? Please share it!

Data Breach, Data Security Education, elasticsearch September 13, 2019

Bold.com Exposed Its Internal Infrastructure

Bold.com, company behind popular solutions to help jobseekers find jobs, and help businesses find candidates – LiveCareer, Resume-Now, my Perfect Resume, Mighty Recruiter – inadvertently exposed part of its internal infrastructure used for project tracking and project…

Like this story? Please share it!

Blog, Data Breach, Data Security Education, mongodb August 8, 2019

Sex Sells! Spanish Chain of “Men’s Clubs” Exposed Its Database

On August 4th I discovered an open and unprotected MongoDB database which appeared to be part of a Spanish company managing a chain of “men’s clubs” across the country. IP with the database in question…

Like this story? Please share it!

Blog, Data Security Education, mongodb, Opinion Article July 29, 2019

Even randomized dummy data should be protected

A database belonging to online voting system provider Everyone Counts has been exposed, leaving what appears to be “randomized and anonymized” data used to simulate millions of voters and election workers open to the public….

Like this story? Please share it!

Blog, Data Breach, Data Security Education, jenkins July 8, 2019

GE Aviation exposed internal configs via open Jenkins instance

Back in June I decided to check how many open Jenkins instances are available for search and did additional parsing of Shodan search results html pages for better understanding. Jenkins is a service instance used…

Like this story? Please share it!

Data Security Education February 6, 2019

Data Breaches by Insiders, Are You at Risk?

An astonishing 1 in 4 data breaches happen because of someone inside the organization and not a malicious actor. In 2018 a data breach report by Verizon found that 25% of attacks were made by…

Like this story? Please share it!

Data Security Education January 16, 2019

What to do after a data breach

Two words no one wants to hear are “data breach”. It can not only be a nightmare for your reputation but could also result in fines or legal trouble. So the reality is no one…

Like this story? Please share it!

Data Security Education November 13, 2018

Top 10 Steps to prevent a Data Breach

Today more than ever we live in a digital world that changes faster than we can protect the files and data we have stored. There is no silver bullet or magic solution to preventing…

Like this story? Please share it!

Data Security Education November 2, 2018

The Shocking Cost of a Data Breach to Small and Medium Sized Businesses

Small Businesses Are Under Attack now more than ever before. Let’s face it the tech giants have the resources to focus on the data security of their customers and users. Even though they spend millions…

Like this story? Please share it!

Data Security Education November 2, 2018

Can Your Business Survive? The Average Cost of a Data Breach is $7.35 million

A data breach can devastate a business or private entity unlike anything else. It is estimated that over 50% of U.S. businesses have had some form of a cyber attack in the past year. The…

Like this story? Please share it!

Data Security Education November 2, 2018

The Real Value of a Breach Discovery Bounty

What is a Breach Discovery Bounty? You may have heard of a “Bug Bounty” before? It is a program offered by many websites and software developers pay compensation for reporting bugs, especially those pertaining to…

Like this story? Please share it!