Sean Gallagher reports: … cities aren’t the only highly vulnerable targets to be found by would-be attackers. There are hundreds of thousands of Internet-connected Windows systems in the United States that still appear to be vulnerable to an exploit of Microsoft Windows’ Server Message Block version 1 (SMB v. 1) file sharing protocol, despite repeated…
Category: Of Note
Google says it stored some G Suite passwords in unhashed form for 14 years
Catalin Cimpanu reports: Google today revealed that a bug in an old G Suite tool has resulted in the company storing customer passwords in an unhashed — but encrypted — form for nearly 14 years, between 2005 and 2019. The company said that only G Suite enterprise customers were impacted, but not regular Gmail accounts….
Canadian company pleads guilty to peddling vast database of personal information
The Canadian Press reports: The RCMP says a Canadian-based company that peddled an illicit trove of 1.5 billion user names and associated passwords has pleaded guilty to criminal charges. In a news release, the Mounties say Defiant Tech Inc. admitted in court Friday to trafficking in identity information and possession of property obtained by crime…
Over 12,000 MongoDB Databases Deleted by Unistellar Attackers
Sergiu Gatlan reports: Over 12,000 unsecured MongoDB databases have been deleted over the past three weeks, with only a message left behind asking the owners of the databases to contact the cyber-extortionists to have the data restored. Although not on this scale, these types of attacks targeting publicly accessible MongoDB databases have happened since at least early-2017 [1, 2,…
Lithuanian watchdog issues first GDPR fine
Sam Clark reports: Lithuania’s data protection authority has fined a payments processing company for breaching three provisions of the GDPR. The State Data Protection Inspectorate has levied a €61,500 fine against fintech company MisterTango for inappropriate data processing, disclosing personal data and failing to report a breach, it said today. The authority said that the…
In today’s installment of “How Not to Respond to a Breach,” we give you Paterson Public Schools
From the for-the-love-of-a-free-press-would-someone-PLEASE-teach-these-people-about-the-first-amendment? dept. Earlier this week, this site noted reporting by Paterson Times about an alleged breach involving the Paterson Public Schools in New Jersey. We also picked up a follow-up report that covered some… um…unexpected claims by the District as to how many threat actors might be involved and whether it was a…