Cyber Analytics Database Exposed 5 Billion Records Online

1 month ago 55

This tract is operated by a concern oregon businesses owned by Informa PLC and each copyright resides with them.Informa PLC's registered bureau is 5 Howick Place, London SW1P 1WG. Registered successful England and Wales. Number 8860726.

In an ironic twist, Cognyte's information alerts customers to third-party information exposures.

A researcher recently discovered online an unsecured database operated by cybersecurity analytics firm Cognyte that near some 5 cardinal records collected from a scope of information incidents exposed online - and accessible without authentication.

The stored information is portion of Cognyte’s cyber quality service, which is utilized to alert customers to third-party information exposures.

“Ironically, the database utilized to cross-check that idiosyncratic accusation with known breaches was itself exposed. The accusation included names, passwords, email addresses, and the archetypal root of the leak,” Comparitech wrote successful a report.

Comparitech’s information probe pb Bob Diachenko discovered the exposed information connected May 29 and alerted Cognyte, who secured it 3 days later. 

“Thanks to the accusation provided by the information researcher, Volodymyr “Bob” Diachenko, Cognyte was capable to rapidly respond to and artifact a imaginable exposure,” Cognyte said successful a connection to Comparitech.

The afloat study from Comparitech is available here.

Dark Reading's Quick Hits delivers a little synopsis and summary of the value of breaking quality events. For much accusation from the archetypal root of the quality item, delight travel the nexus provided successful this article. View Full Bio

Recommended Reading:

More Insights

Register for Dark Reading Newsletters

The State of Cybersecurity Incident Response

In this study larn however enterprises are gathering their incidental effect teams and processes, however they probe imaginable compromises, however they respond to caller breaches, and what tools and processes they usage to remediate problems and amended their cyber defenses for the future.

Flash Poll

How Enterprises are Developing Secure Applications

How Enterprises are Developing Secure Applications

Recent breaches of third-party apps are driving galore organizations to deliberation harder astir the information of their off-the-shelf bundle arsenic they proceed to determination near successful unafraid bundle improvement practices.

Dark Reading - Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2021-21554
PUBLISHED: 2021-06-14

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS incorporate a stack-based buffer overflow vulnerability successful systems with Intel Optane DC Persistent Memory installed. A section malicious idiosyncratic with precocious privileges whitethorn perchance exploit t...

CVE-2021-21555
PUBLISHED: 2021-06-14

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS incorporate a heap-based buffer overflow vulnerability successful systems with NVDIMM-N installed. A section malicious idiosyncratic with precocious privileges whitethorn perchance exploit this vulnerability, starring to a denial of Service, a...

CVE-2021-21556
PUBLISHED: 2021-06-14

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS incorporate a stack-based buffer overflow vulnerability successful systems with NVDIMM-N installed. A section malicious idiosyncratic with precocious privileges whitethorn perchance exploit this vulnerability, starring to a denial of Service, ...

CVE-2021-21557
PUBLISHED: 2021-06-14

Dell PowerEdge Server BIOS and prime Dell Precision Rack BIOS incorporate an out-of-bounds array entree vulnerability. A section malicious idiosyncratic with precocious privileges whitethorn perchance exploit this vulnerability, starring to a denial of service, arbitrary codification execution, oregon accusation disclosure successful System Ma...

CVE-2021-32682
PUBLISHED: 2021-06-14

elFinder is an open-source record manager for web, written successful JavaScript utilizing jQuery UI. Several vulnerabilities impact elFinder 2.1.58. These vulnerabilities tin let an attacker to execute arbitrary codification and commands connected the server hosting the elFinder PHP connector, adjacent with minimal configuration...

Read Entire Article