Thousands of Buggy BeyondTrust Systems Remain Exposed
Weeks after the critical vulnerability was reported and a hacking of the Treasury Department, nearly 9,000 BeyondTrust instances remain wide open to the Internet, researchers say.
Stay informed on the latest exposure risks in information security. Expert analysis, breach updates, and data leak prevention tips. Stay secure!
Search across headline titles and summaries.
Background for this topic.
Exposure is the condition in which a system, service, credential, vulnerability, or sensitive information is accessible or discoverable by people or systems that should not reach it. In threat modeling, it describes an attack surface or loss of control—not proof that an attacker has succeeded. Examples include an internet-facing administration interface, cloud storage with unintended permissions, a secret committed to source code, or personal data sent to an unintended recipient. Its significance depends on what is exposed, who can reach it, and which protections remain.
The primary defense is exposure reduction: maintain an accurate asset inventory, remove unnecessary public access, enforce least-privilege permissions and strong authentication, patch externally reachable software, and revoke leaked credentials or secrets. Encryption can limit the value of exposed data, but does not correct an exposed access path. Continuous scanning and log review help identify changes and support rapid containment when exposure is discovered.
Weeks after the critical vulnerability was reported and a hacking of the Treasury Department, nearly 9,000 BeyondTrust instances remain wide open to the Internet, researchers say.
Ethical hacking group Chaos Computer Club uncovered exposed data of electrical vehicle owners across the company's VW, Audi, Seat, and Skoda brands.
Over three million POP3 and IMAP mail servers without TLS encryption are currently exposed on the Internet and vulnerable to network sniffing attacks. [...]
Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure
Flaw Exposed Vehicle Data and Private Details of Car Owners in EuropeA security snafu at a Volkswagen subsidiary exposed vehicle information and ownership details on approximately 800,000 cars, including precise location data and owners' personal profiles. A whistleblower found a vulnerability in the cloud storage accounts of Volkswagen subsidiary Cariad.
News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be compromised, and customers are now working to figure out their exposure (LayerX, one of the companies involved in
A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft