Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

12/21/2017
12:23 PM
50%
50%

US Census Bureau: Data Exposed in Alteryx Leak Already Public

The US Census Bureau says no personally identifiable information it collected was compromised in this week's Alteryx leak.

Data analytics firm Alteryx made headlines this week when UpGuard discovered a misconfigured Amazon Web Services S3 storage bucket exposed sensitive information of 123 million households. The leak exposed information from Experian and the US Census Bureau.

The US Census Bureau today issued a statement following reports claiming Alteryx exposed personally identifiable information (PII) collected by the Bureau. The agency said Alteryx only had access to publicly available data from census.gov, including published data from the 2010 Census.

"The company implicated had no access to PII collected by the Census Bureau, nor did the reported data leak involve Census Bureau servers or Census Bureau data stored through cloud services," the Bureau said.

Read more details here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
12/22/2017 | 8:04:00 AM
Incorrectly Configured S3 Bucket
Can someone elaborate as to if this was a fault of amazon or the company leveraging those services? Amazon, by default, should be deploying secure VPC's. To this end any company leveraging these services should not deviate from the originally secure deployment. By doing so you are leaving the company open to potential data leakages such as this.
<<   <   Page 2 / 2
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11494
PUBLISHED: 2020-04-02
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.
CVE-2020-7619
PUBLISHED: 2020-04-02
get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data.
CVE-2020-7620
PUBLISHED: 2020-04-02
pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params.
CVE-2020-7621
PUBLISHED: 2020-04-02
strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the '_nginxCmd()' function.
CVE-2020-7623
PUBLISHED: 2020-04-02
jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument.