TechCrunch reports that APIsec, an API security testing company, had its customers' data and other sensitive information dating back to 2018 inadvertently exposed by a misconfigured internal database, which was secured immediately after UpGuard researchers identified it earlier last month. Aside from leaking the names and email addresses of its corporate clients' employees and users, the APIsec database also contained details regarding its customers' attack surfaces, which could prove insightful to threat actors, according to the UpGuard report. Also discovered within the database were AWS private keys and Slack and GitHub account credentials, with APIsec confirming the keys to have been owned by a former employee. Despite initially downplaying the exposed information as containing only test data used by the firm for debugging, APIsec eventually re-investigated the data leak and informed affected customers. Additional details regarding the firm's plans to inform state attorneys general were not disclosed.
Reuters reports that major Chinese state-run telecommunications firms China Telecom, China Mobile, and China Unicom have been subpoenaed by House Committee on China lawmakers to respond to queries concerning the security of Americans' data collected by their U.S. cloud and internet businesses, following recent attacks by Volt Typhoon and other Chinese state-backed threat operations against U.S. telcos and other critical infrastructure.
Widely used workplace time tracking and productivity monitoring software WorkComposer had over 21 million screenshots of employee devices unintentionally leaked by an unprotected Amazon S3 bucket, Cybernews reports.
Kelly Benefits, a Maryland-based benefits administration and payroll solutions provider, has confirmed that almost 264,000 individuals served by its customers Amergis, CareFirst, Beam Benefits, Intercon Truck of Baltimore, Beltway Companies, The Guardian Life Insurance Company of America, Transforming Lives, and Publications Circulation Fulfilment had their data compromised following a cyberattack in December, SecurityWeek reports.