Rolly Hoyt reports: The troubled website Arkansas built from scratch to offer unemployment assistance to freelancers and contractors knocked out of work by the COVID-19 pandemic remains offline Monday because of a security breach detected before the weekend. Technicians with the state Department of Commerce have been working to fix the portal after a person…
Category: Government Sector
RU: Payment portals leak the passport numbers of the tens of thousands of Muscovites ticketed for quarantine violations
Sourced from Kommersant, Meduza reports: Over the past two months, Moscow has issued tens of thousands of fines to local residents for violating the city’s coronavirus self-isolation restrictions. Thanks to weak cryptographic security, the personal data of those ticketed is now available online. The blog Nora Ezhika first drew attention to the data leak on May 12,…
Data breach in new Illinois online unemployment system exposes private information
Jamie Munks reports: A glitch in a newly launched state system for processing unemployment claims for gig workers publicly exposed personal information, a spokeswoman for Democratic Gov. J.B. Pritzker said Sunday. The Illinois Department of Employment Security “is aware there was a glitch” in a new system for processing unemployment claims for independent contractors and…
Arkansas Division of Workforce Services shut down portal after programmer discovers it put applicants’ data at risk
AP reports: A state program that was created to process unemployment applications in Arkansas for self-employed individuals or gig economy workers appears to have been illegally accessed and has been shut down, officials announced Saturday. Gov. Asa Hutchinson said he learned Friday evening that an applicant for the program is believed to have somehow accessed…
Security Firm claims to have discovered ‘Huge security breach at European Parliament’ that Parliament denies is theirs
Rebecca Nicholson reports: Yash Kadakia, founder of Security Brigade and Shadow Map, said his group had found a major data breach. The security expert, a self-proclaimed “Code Monkey”, was able to easily access data and passwords from members. After Brussels denied the claims, Mr. Kadakia doubled down and revealed more details of the alleged breach….
Multi-millions: Sodinokibi attackers demand $42 million of celebrity law firm, threaten to publish dirt they claim to have on President Trump
I honestly cannot think of a more ironic name for a blog than the Sodinokibi (REvil) ransomware operators calling their website “Happy Blog.” Reading their updates today, they certainly didn’t seem happy, especially with Coveware, a firm that has assisted numerous ransomware victims. The firm’s services include helping negotiate ransom amounts and payment. But something…