Experimental News Clipping Site

Tag: robust security practices

  • The Register: Amazon sued for allegedly slurping sensitive data via advertising SDK

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/30/amazon_sued_for_snarfing_sensitive/ Source: The Register Title: Amazon sued for allegedly slurping sensitive data via advertising SDK Feedly Summary: Harvesting of location data and other personal info without user consent, lawsuit claims Amazon and its advertising subsidiary have been sued for allegedly collecting personal and location data from third-party mobile apps without obtaining users’ informed…

  • Hacker News: Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History

    by

    Kurt Seifried
    in

    Source URL: https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak Source: Hacker News Title: Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses a critical security vulnerability identified in DeepSeek’s publicly accessible ClickHouse database, which exposed sensitive information related to AI operations. Wiz Research’s responsible disclosure of an unprotected database…

  • Wired: Exposed DeepSeek Database Revealed Chat Prompts and Internal Data

    by

    Kurt Seifried
    in

    Source URL: https://www.wired.com/story/exposed-deepseek-database-revealed-chat-prompts-and-internal-data/ Source: Wired Title: Exposed DeepSeek Database Revealed Chat Prompts and Internal Data Feedly Summary: China-based DeepSeek has exploded in popularity, drawing greater scrutiny. Case in point: Security researchers found more than 1 million records, including user data and API keys, in an open database. AI Summary and Description: Yes Summary: The text…

  • Hacker News: Sei (YC W22) Is Hiring

    by

    Kurt Seifried
    in

    Source URL: https://www.ycombinator.com/companies/sei/jobs/LeAtLYf-full-stack-engineer-typescript-react-gen-ai Source: Hacker News Title: Sei (YC W22) Is Hiring Feedly Summary: Comments AI Summary and Description: Yes Summary: The text describes Sei, an AI-powered regulatory compliance platform targeting enterprise customers, which underscores its rapid growth and need for skilled engineers. Notably, it highlights the importance of secure systems and familiarity with Generative…

  • The Register: FortiGate config leaks: Victims’ email addresses published online

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/23/fortigate_config_leaks_infoseccers_list_victim_emails/ Source: The Register Title: FortiGate config leaks: Victims’ email addresses published online Feedly Summary: Experts warn not to take leaks lightly as years-long compromises could remain undetected Thousands of email addresses included in the Belsen Group’s dump of FortiGate configs last week are now available online, revealing which organizations may have been…

  • Slashdot: Mastercard DNS Error Went Unnoticed for Years

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/01/22/1851200/mastercard-dns-error-went-unnoticed-for-years?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Mastercard DNS Error Went Unnoticed for Years Feedly Summary: AI Summary and Description: Yes Summary: A security researcher uncovered a five-year-long critical DNS misconfiguration in Mastercard’s systems that created significant security risks. The incident highlights the vulnerabilities in domain configurations which are vital to maintain robust information security practices.…

  • Hacker News: Mastercard DNS Error Went Unnoticed for Years

    by

    Kurt Seifried
    in

    Source URL: https://krebsonsecurity.com/2025/01/mastercard-dns-error-went-unnoticed-for-years/ Source: Hacker News Title: Mastercard DNS Error Went Unnoticed for Years Feedly Summary: Comments AI Summary and Description: Yes Summary: The incident involving MasterCard’s DNS misconfiguration underscores the critical importance of accurate DNS management as a security measure in the financial sector. The flaw, which existed for nearly five years, highlights potential…

  • The Register: GoDaddy slapped with wet lettuce for years of lax security and ‘several major breaches’

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/15/godaddy_ftc_order/ Source: The Register Title: GoDaddy slapped with wet lettuce for years of lax security and ‘several major breaches’ Feedly Summary: Watchdog alleged it had no SIEM or MFA, orders rapid adoption of basic infosec tools GoDaddy has failed to protect its web-hosting platform with even basic infosec tools and practices since 2018,…

  • Cisco Talos Blog: Slew of WavLink vulnerabilities

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/slew-of-wavlink-vulnerabilities/ Source: Cisco Talos Blog Title: Slew of WavLink vulnerabilities Feedly Summary: Lilith >_> of Cisco Talos discovered these vulnerabilities. Forty-four vulnerabilities and sixty-three CVEs were discovered across ten .cgi and three .sh files, as well as the static login page, of the Wavlink AC3000 wireless router web application.  The Wavlink AC3000 wireless router is…

  • Rekt: Orange Finance – Rekt

    by

    Kurt Seifried
    in

    Source URL: https://www.rekt.news/orange-finance-rekt Source: Rekt Title: Orange Finance – Rekt Feedly Summary: First significant hack of 2025. Orange Finance got squeezed for $843.5k after their ‘multi-sig’ turned out to be uni-sig. Their contract is no longer Orange, their security was never golden. Another private key leaks, another protocol rots. AI Summary and Description: Yes Summary:…