India’s federal election commission has fixed flaws on its website that exposed data related to citizens’ requests for information related to their voting eligibility status, local political candidates and parties, and technical details about electronic voting machines.
The bugs allowed access to the RTI requests, download transaction receipts, and responses shared by the officials without properly authenticating user logins.
Some of the exposed data included the RTI filing date, the questions asked, the applicant’s name and mailing address, the applicant’s poverty line status, and RTI responses.
The bugs were fixed earlier this week following CERT-In’s intervention.
The Election Commission of India did not respond to a request for comment.
Security researchers say a pair of easy-to-exploit flaws in a popular remote access tool used by more than a million companies around the world are now being mass-exploited, with hackers abusing the vulnerabilities to deploy ransomware and steal sensitive data.
ConnectWise first disclosed the flaws on February 19 and urged on-premise customers to install security patches immediately.
Finnish cybersecurity firm WithSecure said in a blog post Monday that its researchers have also observed “en-mass exploitation” of the ScreenConnect flaws from multiple threat actors.
It’s not yet known how many ConnectWise ScreenConnect customers or end users are affected by these vulnerabilities, and ConnectWise spokespeople did not respond to TechCrunch’s questions.
The company’s website claims that the organization provides its remote access technology to more than a million small to medium-sized businesses that manage over 13 million devices.
An Indian state government has fixed security issues impacting its website that exposed the sensitive documents and personal information of millions of residents.
The bugs existed on the Rajasthan government website related to Jan Aadhaar, a state program to provide a single identifier to families and individuals in the state to access welfare schemes.
One of the bugs allowed anyone to access personal documents and information with knowledge of a registrant’s phone number.
The state’s Jan Aadhaar portal, which launched in 2019, says it has more than 78 million individual registrants and 20 million families.
The portal aims to offer “One Number, One Card, One Identity” to residents in the northern state of Rajasthan for accessing state government welfare schemes.
We’ve covered Lego Fortnite since it launched last month, when the new title lured in 2.4 million simultaneous players.
A little over a month after its launch, Lego Fortnite’s content was beginning to run dry for players who dove in headlong in December (present company included).
More on our latest update here: https://t.co/p28TYzZD49 pic.twitter.com/fzquiEGRVj — LEGO Fortnite (@LEGOFortnite) January 23, 2024Building-oriented players also get some tweaks to make things go more smoothly.
Some of those experienced are made by Epic itself, like Lego Fortnite, but most are “user-made” with Epic’s beefy game development toolkit.
So far, Lego Fortnite is Fortnite’s most compelling alternative offering — and a game that’s likely to build more momentum as the updates keep rolling in.
Apple has recently announced that a new class of vulnerabilities exists in their products, which could allow attackers to bypass security protections and access users’ sensitive data. The announcement comes…
