I noticed a (minor but abusable) data leak in the RMM/PSA tool Atera a while ago, reported it and it's now fixed. I think it's somewhat interesting so I wrote it up.
https://fyr.io/post/atera-leaked-their-customers-to-mailinator
Tldr: if you tested your SMTP settings, it used a public mailbox on mailinator, allowing anyone to watch for (and respond to, if you're so inclined) mail. Phishing opportunity!
#infosec #atera #privacy #dataleak #mailinator #writeup #phishing #netsec