Yet another report of a data breach involving Click2Gov software by Central Square Technology. Previous coverage of the publicly disclosed breaches from 2017, 2018, and 2019 are linked from here. Also see research reports by FireEye, Gemini Advisory, and RBS for additional background. The latest victim to come forward — at least the most recent…
Category: Government Sector
It’s “completely ridiculous” that pentesters are still facing criminal charges in Iowa for doing what they were hired to do.
If Iowa doesn’t get its act together, businesses and government will have trouble getting security firms to analyze and test their security. Even after law enforcement was told that Justin Wynn and Gary DeMercurio were Coalfire employees just doing what Coalfire had been hired to do by the judicial branch, the men are still facing…
Hack of Chilean national police exposes more than 10,000 files, including intelligence
I’m going to have to use a Google translation for this one as my Spanish is rusty, but Nicolás Sepúlveda reports on ciperchile.cl about repeated hacks of the Carabineros de Chile, the Chilean national police. The hacks are part of the ongoing political unrest and activism in the country. Sepúlveda reports that CIPER has reviewed…
Former Senate Aide Gets Probation For Helping Dox Republicans Over Kavanaugh Hearings
Bobby Allyn reports: A former Democratic Senate staffer was sentenced to two years of probation this week for helping another onetime staff member break into a Senate office late at night to hack government computers. Their actions exposed the private information of five Republican senators, in an act of retaliation for their support of Brett…
Confirmed: North Korean malware found on Indian nuclear plant’s network
Catalin CImpanu reports: The network of one of India’s nuclear power plants was infected with malware created by North Korea’s state-sponsored hackers, the Nuclear Power Corporation of India Ltd (NPCIL) confirmed today. News that the Kudankulam Nuclear Power Plant (KNPP) might have been infected with a dangerous strain of malware first surfaced on Twitter on…
UCR vulnerability may have exposed private information
Seen on Landline: A problem with the Unified Carrier Registration plan’s website may have exposed Social Security or Tax ID numbers for thousands of users. UCR indicated that the vulnerability existed between March 1st and March 28th, 2019. The information exposed includes 23,000 Social Security numbers. After a bit of searching, I found the actual notice from…