TechCrunch reports that APIsec, an API security testing company, had its customers' data and other sensitive information dating back to 2018 inadvertently exposed by a misconfigured internal database, which was immediately secured upon the identification of UpGuard researchers earlier last month.Aside from leaking the names and email addresses of its corporate clients' employees and users, such an APIsec database also contained details regarding its customers' attack surfaces, which could prove insightful to threat actors, according to the UpGuard report. Also discovered within the database were AWS private keys and Slack and GitHub account credentials, with APIsec confirming the keys to have been owned by a former employee. Despite initially downplaying the exposed information to contain only test data leveraged by the firm for debugging, APIsec eventually re-investigated the data leak and informed affected customers. Additional details regarding the firm's plans to inform state attorneys general were not disclosed.
Urban One, a U.S. media conglomerate focused on the African American community, has disclosed having its employees' personal data and other corporate information exfiltrated in a "sophisticated social engineering campaign" in February, which was claimed by the Cactus ransomware operation last month, reports The Record, a news site by cybersecurity firm Recorded Future.
Popular e-commerce platform WooCommerce had its users targeted with malware spread via bogus security alerts as part of a far-reaching phishing campaign, Security Affairs reports.
