Cybersecurity News: November 24, 2020


You’d better pray, or get credit monitoring: A popular Christian faith app has unwittingly exposed the personal data of up to 10 million users dating back several years, after misconfiguring its cloud infrastructure, researchers have warned. Santa Monica-headquartered Pray.com claims to be the “#1 App for daily prayer and biblical audio content” and has been downloaded over a million times from the Play Store. Researchers at vpnMentor discovered four misconfigured AWS S3 buckets belonging to the company. Although it had made around 80,000 files private, it failed to replicate these security measures on its CloudFront CDN, which also had access to the files. This means a hacker could have compromised personal information on as many as 10 million people, most of whom were not even Pray.com users. Read more here.

Can you connect a Tesla to a Playstation next?: Tesla prided itself on its so-called over-the-air updates, pushing out new code automatically to fix bugs and add features. But one security researcher has shown how vulnerabilities in the Tesla Model X’s keyless entry system allow a different sort of update: A hacker could rewrite the firmware of a key fob via Bluetooth connection, lift an unlock code from the fob, and use it to steal a Model X in just a matter of minutes. Lennert Wouters, a security researcher at Belgian university KU Leuven, today revealed a collection of security vulnerabilities he found in both Tesla Model X cars and their keyless entry fobs. Read more here.

Would you like a vulnerability scan with your insurance?: To evaluate the risk of a potential client, Coalition electronically scans a company’s devices for RDP. (If it finds the program, Coalition asks the business to disable it and use an alternative service.) And Coalition keeps scanning once you’ve become a customer. “If you’re a policyholder, we scan you 65,000 times a week,” Motta says. “Other insurance carriers are literally basing their assessments on what companies submit in a paper application.” Read more here.
