A new case of a misconfigured Amazon AWS bucket has caught the attention of security experts. The unprotected database, which reportedly belongs to an online packaging marketplace, Bizongo, leaked 643 GB worth of data online.
Top Breaches Reported in the Last 24 Hours
Babuk ransomware posts 500 GB of data
Babuk ransomware operators have reportedly posted 500 GB worth of Houston Rockets’ internal business data on their dark web forum. The alleged data includes contracts, non-disclosure agreements, and financial data.
Bizongo leaks data
An online packaging marketplace, Bizongo, was affected by a data leak incident that occurred in December 2020. During this time period, approximately 2,532,610 files were exposed due to a misconfigured AWS S3 data bucket.
Top Vulnerabilities Reported in the Last 24 Hours
A vulnerability in one of the Go libraries that Kubernetes is based on could lead to Denial of Service (DoS). The flaw (CVE-2021-20291) affects the Go library called ‘containers/storage’. Patches for the bug have been issued in version 1.28.1 of containers/storage, CRI-O version v1.20.2, and Podman version 3.1.0.
SAP issues patches
SAP has issued 14 new security notes and 5 updates as part of April 2021 Security Patch Day. One of the fixes is for a critical issue in SAP Commerce. The critical vulnerability, tracked as CVE-2021-27602, could be exploited by remote attackers to execute code on vulnerable installs. It has a CVSS score of 9.9.
PoC for Unpatched Chromium flaw
Top Scams Reported in the Last 24 Hours
Fake LinkedIn email leads
Users of employment-oriented services are being targeted with customized phishing emails that attempt to hijack their LinkedIn accounts or promote fake LinkedIn email leads. According to the Bitdefender Antispam Lab telemetry, over 500 million scam emails selling premium LinkedIn leads have been spotted across the U.S., the Middle East, and Canada. The emails advertise the delivery of “verified and 100% accurate LinkedIn leads” but rarely stick to their word, siphoning off thousands of dollars from targets.