Sprint: Hackers have violated user accounts via a Samsung site
infosec

Sprint: Hackers have violated user accounts via a Samsung site

US mobile operator Sprint said he was hacked, as some criminals managed to access accounts ...
Read More
infosec

Hamas hits Israeli soldiers through WhatsApp

Using the popular WhatsApp messaging application, Hamas is trying to hijack soldiers of the Israeli army to gain access ...
Read More
infosec

DoppelPaymer: The new ransomware coming from BitPaymer

Some security researchers, specializing in malware, have discovered a new ransomware, which they called DoppelPaymer. DoppelPaymer ransomware is used ...
Read More
infosec

The iOS URL Scheme allows app-in-the-middle attacks

Some security researchers have discovered a new app-in-the-middle attack, which allows for a malicious app installed in iOS ...
Read More
infosec

Hacker stole data from millions of Bulgarian citizens and sent them to the media

A new data breach incident came to light. A mysterious hacker (or group of hackers) managed to steal millions of personal data ...
Read More
Latest Posts

Hotel server vulnerability allows for leakage of personal data

The vpnMentor survey team identified the data leakage of a suite of hotels including Marriott, which is managed by the The Pyramid Hotel Group. This leak seems to show server defects, which if a hacker exploits them might have allowed a future mass attack.

Server

Η leakage this shows that it concerns 85,4GB security files and contains personal identification data of company employees until April 19 2019. This date could be some system setup or maintenance that affected it server and made it open and available to the world.

Wazuh is an intrusion detection system and is used by The Pyramid Hotel Group on a server that suffers and may allow access to the system by hackers. Access to this data enables anyone attacking the system to monitor the hotel network, collect valuable information for administrators and other users, and create the background for future attack. It also allows the attacker to see what the security team sees, learn from their system-based efforts, and adjust their attacks accordingly.

The worst case scenario, of course, is to expose this leak to hackers, hotel customers and their personal data. The information that hackers complain about is private, secret, and usually concerns a team of hotel staff who manage them.

With expertise on the subject and the necessary know-how, the vpnMentor research team examines the database to confirm its identity. After recognition, they communicate the leak to the database owner. If feasible, they are alerted who may be directly affected.

Companies can avoid such a situation by taking immediate action security measures.

The server must always be secured. Still to create and implement appropriate access rules. Finally, there should never be a system that does not require authentication open.

Share
Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *