In today’s installment of “Epic Infosecurity #FAIL,” more than 93.4 million Mexican citizens have had their voter registration details exposed online due to a misconfigured database. Why a database with Mexican voters’ information was hosted on a server outside of Mexico, who uploaded it to Amazon, and why it wasn’t properly secured are questions in search of answers. Last week, MacKeeper…
Category: Breach Incidents
Denver Archdiocese payroll system breached, 18,000 at risk
So which vendor was responsible for this one? The archdiocese wouldn’t answer that question when I put it to them…. Tom McGhee reports: Authorities are investigating a data breach at the Catholic Archdiocese of Denver that put current and terminated employees, their dependents, spouses, and beneficiaries at risk of ID theft. A third-party software provider…
Boston U. allegedly hacked and non-sensitive data dumped (Update1)
UPDATE April 11: I have received no further information from Boston U., or any response from the individual who had claimed to have hacked them, but I noticed that the paste was deleted from siph0n.in where I had seen it – and on the same day that I reported it here. A cached copy was still available…
Turkish Citizenship Database Leak (Update 2)
Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure? Seen online after a subsequently-deleted tweet called attention to it: This paste with a link to a 6.6 GB file, purportedly containing clear-text information on 49,611,709 Turkish citizens, including the following details: National Identifier (TC Kimlik…
Vulnerabilities in a Third-Party Healthcare Payment Processor
Randy Westergren looked into Christiana Care’s online payment portal, which involves a third party payment processor developed by BYL Companies, LLC. What Randy found was very concerning, and he promptly notified BYL of his findings. You can read his write-up of it all on his site. So here’s the thing: how many people may have actually exploited the vulnerability…
Seven Iranians Working for Islamic Revolutionary Guard Corps-Affiliated Entities Charged for Conducting Coordinated Campaign of Cyber Attacks Against U.S. Financial Sector
A grand jury in the Southern District of New York indicted seven Iranian individuals who were employed by two Iran-based computer companies, ITSecTeam (ITSEC) and Mersad Company (MERSAD), that performed work on behalf of the Iranian Government, including the Islamic Revolutionary Guard Corps, on computer hacking charges related to their involvement in an extensive campaign…