Garmin's Navionics exposed data belonging to thousands of customers


Garmin-owned Navionics has inadvertently exposed data belonging to thousands of customers. The database contained 19GB of information relating to products and customers, including 261,259 unique customer records. These records contained email addresses, some names, purchased product IDs, and user IDs. In addition, the database also contained customer software data such as application version, the platform used, device ID, longitude and latitude, boat speed, and other navigation details. Navionics boasts the "world's number one boating app" which includes cartography for marine and lakes suitable for cruising, fishing, and sailing.

ServiceNow releases guidance on Access Control List misconfigurations


ServiceNow has published guidance for its customers related to Access Control List (ACL) misconfigurations after an AppOmni security report found that 70% of the instances they tested had the issue. In a report released on Wednesday, AppOmni explained that the common misconfigurations come from a "combination of customer-managed ServiceNow ACL configurations and overprovisioning of permissions to guest users." A ServiceNow spokesperson told ZDNet that this is a "well-known" issue that happens when end users do not apply recommended configuration and governance controls to their SaaS platforms. "ServiceNow regularly publishes security configuration and best practice guidance to help our customers. We recommend that customers continuously monitor their security settings and user permissions to ensure that their instances are configured as intended, with an emphasis on permission levels for external users," the spokesperson said.

Sophos notifies customers of data exposure after database misconfiguration


UK-based cyber-security vendor Sophos is currently notifying customers via email about a security breach the company suffered earlier this week. "On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support," the company said in an email sent to customers and obtained by ZDNet. Exposed information included details such as customer first and last names, email addresses, and phone numbers (if provided). A Sophos spokesperson confirmed the emails earlier today and told ZDNet that only a "small subset" of the company's customers were affected but did not provide an approximate number.

Most cloud security problems breathe


A study by Ponemon and IBM indicates that misconfigured cloud servers cause 19% of data breaches. This is an expensive problem with an average cost of half a million dollars per breach. This figure does not consider the potential PR nightmare that could take down the company. Today the pandemic has us working at home, which makes us all more dependent on cloud computing. In addition to its other benefits, the cloud offers more modern security measures than on-premises platforms, so the Global 2000 made a quick push to public clouds.

Verizon and WWE Data Exposures Come Down to Human Error


An improperly set up database can inadvertently expose whatever information it contains online. It's the kind of minor error anyone might make in the course of their jobs–except with the ability to impact millions of consumers and users whose data gets exposed. Even worse, misconfigurations can put information at risk in all sorts of services, not just traditional databases. In particular, mistakes companies have made with their Amazon S3 cloud repositories have offered bracing reminders of the extent of the misconfiguration problem. Late last week, World Wrestling Entertainment confirmed that an S3 bucket misconfiguration had exposed personal data for three million of its fans.