Unsecured server exposes data for 85% of all Panama citizens.
An Elasticsearch server left connected to the internet without a password, or firewall protection, has leaked what appears to be personal records and patient information for roughly 85 percent of Panama’s citizens.
The leaky server was found online last week by Bob Diachenko, founder and security researcher with Security Discovery…
The same IP address where the Elasticsearch cluster was hosted also exposed RDP endpoints over the internet, allowing anyone to launch brute-force attacks and attempt to compromise the company’s network. Such endpoints should normally be exposed online from behind a firewall that strictly limits who can access them.
Mozilla apologizes for Firefox add-on breakdown.
Mozilla has apologized for the fiasco earlier this month when an expired certificate disabled most users’ Firefox add-ons…
The gaffe began just after 9 p.m. ET on Friday, May 3, when a certificate used to digitally sign Firefox extensions expired. Because Mozilla had neglected to renew the certificate, Firefox assumed add-ons could not be trusted – that they were potentially malicious – and disabled any already installed. Add-ons could not be added to the browser for the same reason.
As users went ballistic, Mozilla rushed a stop-gap fix to the browser via its Studies system, infrastructure normally responsible for pushing test code to small groups or collecting data on reactions to sponsored content. Because the Studies approach did not reach everyone, on May 5 and May 7 Mozilla shipped two Firefox updates – 66.0.4 and 66.0.5 – that corrected the certificate chaining error.
No Branch, No Problem. Citigroup Bets Big on Digital Banking.
In the lean years following the financial crisis, Citigroup C -5.20% Inc. made an unintentional bet on the future of banking, and it is starting to pay off.
…Citigroup added roughly $1 billion in digital deposits in the first quarter, more than all of last year. About two-thirds of that total came from new customers, and a little more than half came from people who don’t live near any of the bank’s roughly 700 branches.
In recent months, the bank has reorganized its consumer unit, knocking down walls between banking and cards. It rolled out a new account through its mobile app aimed at credit-card customers. And it is targeting potential customers with mobile-banking offers tied to the rewards they get for cards.
“For the 21st century, we are glad we never got the ballast of an extra 4,000 branches,” said Stephen Bird, the bank’s chief executive of global consumer banking. “I’m certain it’s going to turn out to be a very fortuitous thing.”