Norway’s large social welfare agency NAV, which handles everything from pension payments to those for sick leave and unemployment, is under scrutiny after reports that NAV workers have snooped through the files of Norwegians receiving NAV benefits. Nearly 40 complaints have been filed in the past month by NAV clients who fear their privacy has been invaded….
Month: December 2016
Sadly, SQL injection attacks never go out of style – or effectiveness
“Kapustkiy,” a self-described teenager who has been using SQL injection attacks on a number of government sites, today dumped some data from the National Assembly of Ecuador. There were 655 email addresses and passwords in his public paste, although the list contained some duplicates. As he has done in the past, and as he informed this site…
Ransomware Author “Pornopoker” Arrested in Russia
Catalin Cimpanu reports: Russian authorities have arrested a man suspected of writing and distributing ransomware. The suspect, whose name hasn’t been released yet, goes by the nickname of Pornopoker. […] According to police, Pornopoker had created ransomware that locks users’ computers with a message perpetrating to be from Russian authorities, such as the police (MIA),…
NaMo app non-hack is a small fry; tech security on govt apps is even worse
Srinivas Kodali writes: In the wee hours of December 1, 2016, Javed Khatri, a 22-year-old programmer (note: not a hacker) discovered a common security vulnerability/bug in the Narendra Modiapp. Khatri was able to access the personal information of every registered user of the application through this vulnerability. After sending out a tweet (below) to Modi to report…
VA: Chesapeake Public Schools notifying employees of theft of their information
S. Cline reports that Chesapeake Public Schools in Virginia is notifying 10,827 employees after an employee’s laptop with unencrypted information was stolen. The information on the laptop included names, social security numbers and bank account numbers of some past and present employees. The employees are being offered some protective services. The media report does not reveal whether…
Employee error exposed San Jose Evergreen Community College District student info
The San Jose Evergreen Community College District (SJECCD) is notifying some of their students of a breach that occurred due to an employee error. On November 7, the district learned that an SJECCD employee had inadvertently uploaded a file containing the personal information of certain SJECCD students to a publicly accessible folder on the SJECCD website. The file…