Justin Paine reports: While searching Shodan, I recently discovered an ElasticSearch database without any authentication. This database contained metadata related to a huge amount of emails. It was eventually confirmed that this server and the email metadata was controlled by a large university located in China. I would like to thank the university’s security team…
Month: June 2019
Eight years later, the case against the Mariposa malware gang moves forward in the US
Catalin Cimpanu reports: Eight years after US law enforcement opened a first case in the operations of the Mariposa (Butterfly Bot, BFBOT) malware gang, officials are now moving forward with new charges and arrest warrants against four suspects. The original case started way back in May 2011, when US officials first filed a complaint against…
SG: Firm fined $4k by PDPC for leak of more than 400 national servicemen’s data
Lim Min Zhang reports: A firm has been fined $4,000 by Singapore’s privacy watchdog for the leak of the personal data of more than 400 national servicemen on June 12 last year due to a technical error. The data comprised the log-in identifications, e-mail addresses, delivery addresses and mobile phone numbers of 427 men from…
And so it begins… state attorneys general investigating American Medical Collection Agency breach
From the Illinois Attorney General’s Office: Chicago — Attorney General Kwame Raoul and Connecticut Attorney General William Tong today announced an investigation into the data breach at American Medical Collection Agency, which may have exposed the personal information of nearly 12 million patients of Quest Diagnostics (Quest) and 7.7 million Laboratory Corporation of America (LabCorp) patients. Raoul…
“Achilles”, Hacker Behind Attacks on Military Shipbuilders, UNICEF & International Corporations
From AdvIntel: Executive Summary Background: “Achilles” is an English-speaking threat actor primarily operating on various English-language underground hacking forums as well as through secure messengers. Achilles specializes in obtaining accesses to high-value corporate internal networks. Verticals: Achilles victims are primarily private sector entities; however, the actor also targeted public domains, government-affiliated companies, and international organizations….
DPP employee who had ‘a nosey’ in murder file gets 11 month sentence
Tom Tuite reports: A civil servant in the office of the Director of Public Prosecutions (DPP) has been been given an 11-month sentence for disclosing sensitive information about the arrest of a suspect in a dissident republican murder case. Service officer Jonathan Lennon (35) from Clonee, Dublin 15, who admitted having a “nosey” in the…