Seen on WebsitePlanet: Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet a non-password protected database that contained 680k records. Upon further investigation, it was identified that these records were related to educational institutions. Documents inside the database suggested that it belonged to the Southern Association of Independent Schools, Inc (SAIS). In my many years as…
Category: Commentaries and Analyses
CISA Advisory: Preventing Web Application Access Control Abuse
Release Date: July 27, 2023. Alert Code: AA23-208A. SUMMARY: The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object…
Smartphone Vulnerability That Could Expose User Location to Hackers Found by Researchers
Jace Dela Cruz A recent discovery by a PhD student of Northeastern University has revealed a potential vulnerability in text messaging that could expose smartphone users’ location to hackers. PhD student in cybersecurity at Northeastern Evangelos Bitsikas and his research group employed a sophisticated machine-learning program to analyze data from the traditional SMS system, which…
Hawaiʻi Community College pays ransom to attackers
Law enforcement and experienced ransomware professionals generally advise victims not to pay any ransom demands. Yet the University of Hawaiʻi Community College decided that they would pay following an attack that they first disclosed on June 13. So why did they make that decision? In a statement on their website this week, they explain: After…
Health3PT Releases Blueprint for Third Party Risk Management to Fix the Ineffective Cyber Risk Assessment Process for the Healthcare Industry
Survey finds 60% of covered entities and 72% of their vendors believe today’s third-party risk management practices are not effective: new guidance provides a consistent set of practices to reduce cyber risk for the health industry FRISCO, Texas–July 27, 2023–The Health 3rd Party Trust (Health3PT) Initiative today announced the release of the Health3PT Recommended Practices &…
ALPHV ransomware adds data leak API in new extortion strategy
Ionut Ilascu reports: The ALPHV ransomware gang, also referred to as BlackCat, is trying to put more pressure on their victims to pay a ransom by providing an API for their leak site to increase visibility for their attacks. […] Multiple researchers spotted earlier this week that the ALPHV/BlackCat data leak site added a new…