All news with #insecure defaults tag

Misconfigured Amazon S3 Exposed Tea Party Campaign Data

🔓 On August 28, 2018 the UpGuard Cyber Risk team discovered a publicly readable Amazon S3 bucket named tppcf containing roughly 2GB of campaign files belonging to the Tea Party Patriots Citizens Fund (TPPCF). The data included call lists with full names and phone numbers for about 527,000 individuals, along with strategy documents, call scripts, and marketing assets. UpGuard notified TPPCF on October 1; permissions were briefly set to allow global authenticated users and then removed by October 5. The incident illustrates how cloud misconfiguration can expose sensitive political microtargeting data and create significant privacy risks.

GoDaddy AWS Configuration Data Exposed in Public S3

🔓 The UpGuard Cyber Risk Team discovered a publicly accessible Amazon S3 bucket that contained detailed configuration spreadsheets appearing to describe GoDaddy infrastructure running in the AWS cloud. The files included over 24,000 hostnames and 41 configuration fields per system, plus modeled financials and apparent AWS discounting—information useful for targeted attacks or competitive intelligence. GoDaddy closed the exposure after notification; no credentials were found, but the incident highlights the severe consequences of cloud misconfiguration at scale.

Mass-Scale Vulnerability in Hikvision Surveillance Cameras

🔓 Over 80,000 Hikvision surveillance cameras remain vulnerable to an 11-month-old command injection flaw tracked as CVE-2021-36260, which NIST rated 9.8/10. Researchers report evidence of criminal activity in Russian dark-web forums where leaked credentials are being sold and exploitation collaborations are solicited. The persistent exposure underscores systemic IoT weaknesses, widespread use of default credentials, and uneven patching practices that leave organizations and critical infrastructure at risk.