Global gaming hardware manufacturing company Razer leaked the personal information of around 100,000 customers by storing their data in an Elasticsearch cluster that was misconfigured to enable public access, security researcher Bob Diachenko has revealed.

The personal information of around 100,000 Razer customers was stored by the company in a large log chunk within an Elasticsearch cluster. The cluster was indexed by several public search engines as it was misconfigured for public access since 18th August.

According to Diachenko, who is well-known for unearthing publicly-exposed online databases, personal information stored in the log included full names, email addresses, phone numbers, customer internal IDs, order numbers, order details, billing, and shipping addresses.

“The customer records could be used by criminals to launch targeted phishing attacks wherein the scammer poses as Razer or a related company,” Diachenko said, adding that customers should be on the lookout for malicious emails or messages that might encourage them to click on links to fake login pages or download malware onto their device.

“We were made aware by Mr. Volodymyr [Diachenko] of a server misconfiguration that potentially exposed order details, customer, and shipping information. No other sensitive data such as credit card numbers or passwords were exposed,” Razer said after the breach was disclosed by Diachenko.

“The server misconfiguration has been fixed on 9 Sept, prior to the lapse being made public. We would like to thank you, sincerely apologize for the lapse, and have taken all necessary steps to fix the issue as well as to conduct a thorough review of our IT security and systems. We remain committed to ensuring the digital safety and security of all our customers,” the company added.

Commenting on the latest instance of a company exposing customer via a misconfigured online database, Chris DeRamus, VP of Technology, Cloud Security Practice at Rapid7, said to avoid cloud misconfigurations, companies need to immediately shift toward a new model of security that provides continuous controls and enforces secure configurations of cloud services, instead of attempting to do so only after a breach has occurred.

“Organisations need a security solution that provides the automation essential to enforce policy, reduce risk, provide governance, impose compliance, and increase security across a large-scale, hybrid cloud infrastructure. Automation takes the headache out of making cloud infrastructure secure in a shared responsibility world by providing a framework for what organizations should be doing via a continuous, real-time process.

“By leveraging security automation, companies can stay agile and innovate while maintaining the integrity of their technology stacks and applying the unique policies necessary to operate their businesses,” he added.

Lloyds Bank customers are being targeted by a sophisticated email and SMS messaging phishing campaign, according to an investigation by law practice Griffin Law.

An estimated 100 people have reported receiving fake communication purporting to be from Lloyds, which is one of the largest banks in England and Wales.

In the email scam, a realistic-looking email using Lloyds logos and branding is distributed containing the subject header: “Alert: Document Report – We noted about security maintenance.” The message, which has spelling errors and some Chinese characters, claims that the recipient’s bank account has been compromised, stating: “Your Account Banking has been disabled, due to recent activities on your account, we placed a temporary suspension until you verify your account.”

Users are then redirected to a fraudulent site called Lloyds[Dot]bank[Dot]unusual-login[Dot]com, which attempts to trick visitors into believing it is legitimate through the use of official branding. The site then requests customers’ log-in details including passwords, account information and security codes and other personal data.

In the SMS version of the scam, people received a text attempting to entice them into visiting the same fraudulent site. It says: “ALERT FROM LLOYDS: New device attempted to set up a payee to XXX. If this was NOT you, visit: Lloyds[Dot]bank[Dot]unusual-login[Dot]com.”

In a tweeted response to a user who informed them they had received the scam email, Lloyds Bank said: “This isn’t a genuine message from us; it’s a scam. If possible, could you please forward this email or text message to us at: emailscams@lloydsbank.co.uk.”

Commenting on Griffin Law’s discovery, Chris Ross, SVP at Barracuda Networks, said: “Hackers often hijack the branding of legitimate companies in order to steal confidential financial data from unsuspecting victims.

“These scams can be very convincing, making use of official logos, wording and personalised details to lull the individual into a false sense of security. In most cases, the victim will be directed to a fraudulent but realistic-looking website, where they are urged to enter account details, passwords, security codes and PIN numbers.

“Phishing attacks like this pose a huge risk both to individuals and the companies they work for, especially if hackers gain access to a business bank account. Tackling this problem requires robust policies and procedures as well as the latest email security systems in place to identify and block these scams before they reach the inbox.”

New research from Kaspersky has discovered that of the 32% of Brits provided with a corporate desktop computer, only 77% have adequate anti-virus or cybersecurity software installed, leaving 23% of company desktops significantly insecure and exposed to cyber-threats.

This is also the case for company smartphones, 23% of which are unprotected, according to the security giant.

Kaspersky did point out that corporate laptops are slightly more likely to be protected than desktops and smartphones, although it stated that one in five laptops still lack adequate security software.

Kaspersky commissioned Arlington Research to interview 2000 UK consumers aged 18+ in June 2020.

The figures gathered are particularly concerning given the current remote working trend brought about by the COVID-19 pandemic, which has seen 48% of the UK’s 32.9 million workers work remotely from their normal workplace this year.

With regards to personal devices being used for corporate means – something that has become more common since COVID-19 lockdowns and remote working strategies were introduced – Kaspersky’s findings make for even more troubling reading.

For example, more than half of those surveyed by Kaspersky stated that they use personal smartphones to check work email, while 36% rely on their personal laptop or desktop for work. However, personal devices are even less likely to be protected by adequate security software than employer-supplied equipment, Kaspersky found.

“When company devices are used outside the workplace, they are at greater risk of cyber-threats,” said David Emm, principal security researcher at Kaspersky. “Therefore, it’s troubling to discover that nearly a quarter of corporate computers and smartphones lack anti-virus software, leaving them potentially vulnerable to attack.

“It’s important that all businesses pre-install staff computers and devices with security software to ensure they are protected at all times. Employers must also make sure staff know how to install or check the status of anti-virus software while working on personal, or company devices from home, to secure corporate information and networks.”

A vulnerability in the TeamViewer app could allow malicious actors to steal passwords.

The high-severity flaw was discovered in the desktop version of the app for Windows before 15.8.3. By exploiting the weakness, authenticated threat actors operating remotely could execute code on victims’ systems or crack their TeamViewer passwords.

TeamViewer is a proprietary software application that allows users to control a range of smart devices remotely to perform functions like file transfers, desktop sharing and web conferencing.

As a result of flaw CVE-2020-13699, TeamViewer Desktop for Windows does not properly quote its custom URI handlers. As a result, an attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking.

Victims could also be persuaded to go to a specific website set up by threat actors to steal credentials or personal data.

The flaw’s discoverer, security engineer at Praetorian, Jeffrey Hofmann, explained: “An attacker could embed a malicious iframe in a website with a crafted URL that would launch the TeamViewer Windows desktop client and force it to open a remote SMB share.”

According to Hofmann, most web browsers are set up to prevent attacks like this from happening.

He said: “Every modern browser except for Firefox URL encodes spaces when handing off to URI handlers which effectively prevents this attack.”

TeamViewer versions prior to 15.8.3 are vulnerable to the flaw, which has been fixed in the latest release.

Andy Harcup, VP, Absolute Software, commented: “Security flaws in certain software and applications will always be located and exploited by opportunistic cyber-attackers, and this latest revelation could potentially impact millions of Windows users.”

Harcup advised companies to protect their operating system by keeping up with the latest security updates.

“For users to ensure that they are kept safe from the influx of cyber-attacks now facing them, the IT operations team must ensure their systems are kept up-to-date, whilst training their staff to simultaneously maintain a high level of online vigilance and awareness toward internet safety protocol. It is important for enterprises to keep the operating system up-to-date with the latest security updates in order to ensure maximum protection.”

Nearly half (47%) of UK IT leaders have not updated their security strategies to account for their move to cloud environments, putting their organizations at higher risk of cyber-attack, according to a new study by Trend Micro commissioned for CLOUDSEC Online.

This is despite the fact that traditional on-premises security such as firewalls, network intrusion prevention systems (IPS/IDS) and anti-virus are unsuitable for cloud environments as they tend to create performance bottlenecks and security gaps.

Yet the survey showed that many IT leaders are keen for a single platform to provide cloud and on-premises security, with lack of integration between the two types of tooling cited by 43% of respondents as the biggest barrier to the adoption of cloud security. Additionally, 33% stated that this integration issue was their biggest day-to-day operational headache.

Over half (55%) also expressed a desire for third-party security providers to integrate with multiple platform and application vendors, while 54% want a security vendor “aligned” to their cloud journey.

The report noted that security vendor integration is becoming more important as organizations increasingly shift to multi-cloud environments.

Bharat Mistry, principal security strategist at Trend Micro, commented: “This is particularly concerning as 23% of organizations explained that they’ve already moved partly or fully to a DevOps model in order to drive digital transformation. Container, serverless and other emerging technologies require specially designed security capabilities delivered as application program interfaces (APIs) in order to provide appropriate protection without interrupting development pipelines.”

Earlier this month, the 2020 Cloud Security Report revealed that configuration errors are the number one threat to cloud security in the view of industry professionals, with multiple barriers to the further adoption of cloud services outlined by those surveyed.