Monthly Security Digest for September
Every month, we are covering the major security events for our clients. Please find an exclusive selection below.
100M IoT Devices Exposed By Zero-Day Bug
A zero-day vulnerability was found in NanoMQ that exposed more than 100 million devices across 10,000 enterprises vulnerable to attacks. NanoMQ is an open-source platform from EMQ that acts as a message broker to deliver alerts when an activity is detected.
Payment API Exposes User Records
The personal and payment information belonging to millions of consumers was exposed due to API security vulnerabilities affecting multiple apps. Security researchers at CloudSEK had discovered mobile apps with API keys that are hardcoded in the app packages which exposed personal and payment information.
3.8 Billion User Records for Sale
A threat actor has combined the 3,8 billion phone numbers leaked from social-media platform Clubhouse with 533 million Facebook profiles and is selling the trove of personally identifiable information (PII) to the highest bidder on the underground market. The combined trove contains names, phone numbers, and other data, and is listed on an underground forum for 100,000 dollars for all 3.8 billion entries.