• About
  • Advertise
  • Careers
  • Contact
Saturday, July 2, 2022
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Data Breach

Blisk browser left open, 2.9 million records exposed

by Cyber360 News
March 17, 2020
in Data Breach
0
Blisk browser left open, 2.9 million records exposed
0
SHARES
2
VIEWS
Share on FacebookShare on Twitter

The web-development
browser Blisk suffered a data breach leaking more than 2.9 million records
through an open Elasticsearch database that was left open and that bypassed the
security put in place by its users.

The browser has
been compromised in a way that it now leaks the data it was designed to gather
from web development teams, UX designers and web engineers, according to Noam
Rotem and Ran Locar, leaders of VPNMentor’s security team, who uncovered the
problem. Blisk has been operating since 2014 and VPNMentor said it has NASA,
Microsoft, Apple, eBay and UNICEF as its customers and others from around the
world.

The
information exposed included more than 1,000 email addresses – including a
ca.gov email address, IP addresses and user agent details. All of which can be
used to create legitimate appearing phishing emails to be used against the
customers.

Rotem and
Locar said Blisk intentionally set up its browser without any security layer at
all, and it also bypassed any security implemented by its users.

“Since the
browser ‘sees’ what the user sees, it can potentially bypass every encryption,
2-factor authentication, and any other measure they have in place. If the user
is using software that is not heavily secured, this can lead to very serious
security breaches. It appears that no matter what security measures you put in
place while using Blisk, your data would still potentially be leaked,” the researchers said.

The open database
was found on December 2, 2019, the vendor was contacted two days later and had
taken action to protect in the information on December 9.

Topics:

Big Data

Cyber360 News

Cyber360 News

Next Post
Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In