This is the story of how mapping and analysis of an open elastic search led to the discovery of a misconfigured Amazon S3 bucket that exposed data from hundreds of thousands of dental patients. If you live in Brazil, you may already be experiencing breach fatigue from having had so much of your personal and…
Category: Of Note
Does improved infosec lead to delayed care and more fatal heart attacks in hospitals?
Nsikan Akpan has a report on PBS that is worth reading, especially now that I’ve gotten rid of their headline that I really really really didn’t think was accurate. Akpan starts by reminding us all how a ransomware attack on a hospital could have life-threatening consequences. But the main point of his piece is to…
A DDoS gang is extorting businesses posing as Russian government hackers
File this one under “Ooh, that’s clever!” Catalin Cimpanu reports. For the past week, a group of criminals has been launching DDoS attacks against companies in the financial sector and demanding ransom payments while posing as “Fancy Bear,” the infamous hacking group associated with the Russian government, known for hacking the White House in 2014…
White House kicks infosec team to curb in IT office shakeup
Sean Gallagher reports: An internal White House memo published today by Axios reveals that recent changes to the information operations and security organizations there have left the security team in tumult, with many members headed for the door. And the chief of the White House’s computer network defense branch—who wrote the memo after submitting his…
OCR Imposes a $2.15 Million Civil Money Penalty against Jackson Health System
Note: coverage of the breaches referenced below can be found on this site by searching it for “Jackson Health System.” The following is a press release from the U.S. Department of Health Office for Civil Rights: The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has imposed a civil…
NordVPN, TorGuard and VikingVPN disclose security breaches
João Silva writes: NordVPN, one of the most well-known VPN providers, had confirmed a security breach in early 2018. At fault, there’s the data centre provider from Finland, where the server was hosted. The data centre provider used an insecure remote management system that NordVPN was “unaware” of. Although NordVPN seems to be playing down the occurrence,…