Bob Diachenko writes: On Feb 19, 2019, I have discovered a MongoDB that required no password. The database was located in an India region which (along with other data) also contained highly sensitive information collected on 458,388 individuals located in Delhi. A 4.1GB-sized database had been indexed by Shodan and was left unattended for public…
Month: February 2019
Grassroots List of Cybersecurity Indictments of State-Sponsored Hackers
Seen at Meritalk: Katie Nickels, a threat intelligence expert for MITRE, released a grassroots compiled list of recent cybersecurity indictments of state-sponsored hackers earlier this week. The list, which is compiled in a Google Doc, includes 30 indictments at the current moment, spanning from June 2011 to Feb. 2019. “When I tweeted that I wanted…
Tax Returns Exposed in TurboTax Credential Stuffing Attacks
Sergiu Gatlan reports: Financial software company Intuit discovered that tax return info was accessed by an unauthorized party after an undisclosed number of TurboTax tax preparation software accounts were breached in a credential stuffing attack. A credential stuffing attack is when attackers compile username and passwords that were leaked from previous security breaches and use those credentials to try and…
Audacious Russian Hacker Who Stole From Victims Using NeverQuest Pleads Guilty
LawFuel reports: Geoffrey S. Berman, the United States Attorney for the Southern District of New York, and William F. Sweeney Jr., Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation (“FBI”), announced that STANISLAV VITALIYEVICH LISOV, a/k/a “Black,” a/k/a “Blackf” (“LISOV”), pled guilty today to conspiring to deploy and use a…
VT: Rutland Regional Medical Center notifies patients after employee email accounts hacked
On Feb. 20, Rutland Regional Medical Center in Vermont posted a notice on its web site that says, in pertinent part: Rutland Regional Medical Center (“Rutland Regional”) recently discovered an incident that may affect the security of personal information of certain individuals who received care from its facility. We take this incident very seriously, and…
UConn Health: 326,000 could be impacted by recent phishing attack
Matt Pilon reports: UConn Health on Friday disclosed that an unauthorized third party had accessed employee email accounts, potentially breaching the privacy of 326,000 patients and others. Of that number, 1,500 could have had their social security numbers exposed, UConn Health said. For others, potentially acquired details include names, dates of birth, addresses, and billing…