Security Bulletin

More than 1.6 million files belonging to thousands of Etsy, Poshmark, Embroly, and TikTok shop customers, most of whom are located in the U.S., have been exposed as a result of a pair of unsecured Azure Blob Storage containers, Cybernews reports.

Cork Protocol, a decentralized finance platform, was estimated to have lost almost $12.1 million worth of Ethereum following an attack on Wednesday, according to The Record, a news site by cybersecurity firm Recorded Future.

Cybernews reports that international Protestant Christian church and charitable organization Salvation Army was claimed to have been compromised by the Chaos ransomware gang.

Information from 38,000 University of Chicago Medicine Medical Group patients has been pilfered following a breach of third-party debt collection agency Nationwide Recovery Services last July, reports CBS News Chicago.

Major data brokerage firm LexisNexis Risk Solutions had information from over 364,000 individuals stolen following a Christmas cyberattack against GitHub, which the company uses for software development, according to TechCrunch.

The phishing operation is using Telegram groups to sell a phishing-as-a-service kit with customer service, a mascot, and infrastructure that requires little technical knowledge to install.

Researchers are using quantum computers to generate keys that are truly random to strengthen data encryption.

Authentication bypass and command injection flaws facilitate the malicious activity.

Researchers at Oasis Security say the problem has to do with OneDrive File Picker having overly broad permissions.

Among the recommendations, organizations should conduct thorough testing and manage costs, which can be hefty, before implementing the platforms.

Fewer than 4% of enterprise security teams have fully automated their core identity workflows, according to Cerby.