A selection of this week’s more interesting vulnerability disclosures and cyber security news. A lot to get worked up about this week, and I will skip the majority of the noise about British Airways and yet more MongoDB related shenanigans, to highlight another kind of oversight: deploying publicly accessible web content with Git and not cleaning up the .git directory afterwards, or perhaps not deploying from a Git checkout in the first place:
- Open .Git Directories Leave 390K Websites Vulnerable: an exhaustive scan shows hundreds of thousands of websites potentially exposing sensitive data such as database passwords, API keys and so on.
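The check that scan is doing reduces to fetching `/.git/HEAD` and seeing whether it looks like a Git ref rather than a soft 404 page, then pulling `/.git/config` for remote URLs that often embed deploy credentials. The script below is an added example, not code from the article or from the scanning project it reports on; the `example.test` host, the fake fetcher and the sample `.git/config` contents are constructed so it runs offline.

```python
"""Detect an exposed .git directory on a site and report leaked remotes.

Added example, not from the original article. The fake responses at the
bottom are constructed test data; the site, credentials and remote are made up.
"""
import re
import urllib.request
from typing import Callable, Dict, List, Optional

# A real .git/HEAD is either "ref: refs/heads/<branch>" or a bare 40-hex commit id.
# Many hosts answer 200 with an HTML page for *any* path, so the check must
# look at the body, not just the status code.
_HEAD_RE = re.compile(rb"^(ref: refs/\S+|[0-9a-f]{40})\s*$")


def looks_like_git_head(body: bytes) -> bool:
    """True if the response body is a plausible .git/HEAD file."""
    return bool(_HEAD_RE.match(body.strip()))


def remotes_from_config(config_text: str) -> List[str]:
    """Return every 'url = ...' value from a .git/config (remote URLs)."""
    return re.findall(r"^\s*url\s*=\s*(\S+)", config_text, re.MULTILINE)


def redact_credentials(url: str) -> str:
    """Mask user:password@ in a URL so a report does not re-leak the secret."""
    return re.sub(r"://[^/@]+@", "://<redacted>@", url)


def http_get(url: str) -> Optional[bytes]:
    """Minimal fetcher; returns None on any error (404, timeout, refused)."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.read()
    except Exception:
        return None


def check_site(base: str,
               fetch: Callable[[str], Optional[bytes]] = http_get) -> Dict[str, object]:
    """Probe base URL for an exposed .git directory.

    fetch is injectable so the logic can be exercised without network access.
    """
    base = base.rstrip("/")
    result: Dict[str, object] = {"exposed": False, "remotes": []}
    head = fetch(base + "/.git/HEAD")
    if head is None or not looks_like_git_head(head):
        return result
    result["exposed"] = True
    config = fetch(base + "/.git/config")
    if config:
        text = config.decode("utf-8", "replace")
        result["remotes"] = [redact_credentials(u) for u in remotes_from_config(text)]
    return result


# --- constructed sample responses (not real sites) ---------------------------
_EXPOSED_SITE = {
    "http://example.test/.git/HEAD": b"ref: refs/heads/master\n",
    "http://example.test/.git/config": (
        b"[core]\n\trepositoryformatversion = 0\n"
        b"[remote \"origin\"]\n"
        b"\turl = https://deploy:s3cr3t@git.example.test/site.git\n"
        b"\tfetch = +refs/heads/*:refs/remotes/origin/*\n"
    ),
}

# A host that answers every path with its home page (soft 404).
_SOFT_404_BODY = b"<html><body><h1>Welcome</h1></body></html>"


def demo_exposed() -> Dict[str, object]:
    """Run the check against the constructed exposed site."""
    return check_site("http://example.test/", lambda u: _EXPOSED_SITE.get(u))


def demo_soft_404() -> Dict[str, object]:
    """Run the check against a host that returns HTML for every path."""
    return check_site("http://example.test/", lambda u: _SOFT_404_BODY)


if __name__ == "__main__":
    print("exposed site:", demo_exposed())
    print("soft-404 site:", demo_soft_404())
```

Directory listing is not needed for an attacker to recover the whole repository: starting from HEAD, the refs and packed-refs files, the loose objects can be fetched one hash at a time and the history reconstructed. The fix is twofold: do not deploy a working checkout (use `git archive` or a build step that produces only the public files), and as a backstop deny the path in the web server, for example an nginx `location ~ /\.git { deny all; }` block.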
Not sure how angry I would be, not being a Chrome user, but it’s easy to understand. It certainly causes confusion when we’re told to watch out for look-alike domains used in phishing scams. Unexpected changes really don’t inspire confidence… But then who really pays attention anyway?
Have to get one IoT story in, and this article’s title really sums up all that is wrong:
Read on, and don’t get too worked up, it’s nearly the weekend…
- Card-stealing code that pwned British Airways, Ticketmaster pops up on more sites via hacked JS (The Register)
- Millions of Records Exposed in Veeam Misconfigured Server: exposed data included names, email addresses and IP addresses.