Charlie Osborne reports: A five-year court battle in the United Kingdom has come to an end with the UK Supreme Court ruling that the UK’s spy agencies and their hacking activities can be made subject to court challenges. On Wednesday, the court ruled that the GCHQ’s Investigatory Powers Tribunal (IPT) is subject to judicial review…
Category: Of Note
WhatsApp urges users to upgrade app after security breach
Steven Scheer reports: Facebook’s WhatsApp urged users to upgrade to the latest version of its popular messaging app after reporting that users might be vulnerable to having malicious spyware installed on phones without their knowledge. […] Earlier, the Financial Times (FT) reported that a vulnerability in WhatsApp allowed attackers to inject spyware on phones by ringing…
Paterson Public Schools hacked, but when, and where are the data now? (UPDATE 1)
Jayed Rahman reports that Paterson Public Schools in New Jersey was hacked. The attacker allegedly acquired 23,103 account passwords and other computer access tokens. Information stolen in the breach includes desktop logins, email usernames and passwords, and laptop credentials. For example, the email usernames and passwords of all school district employees — including that of…
Oregon Health Authority provides early notification to Oregon State Hospital patients of a phishing incident
I realize that some will fault the entity for making early notification before they have all the facts, but my hat is off to the Oregon Health Authority (OHA). On May 6, they suffered – and quickly stopped – a successful spear-phishing attack that gave the attacker access to one employee’s mail account. That account…
Numbers from the OS, Inc. breach dribble in…
OS, Inc. provides revenue management (billing) services to covered entities. I recently reported on a phishing-related breach they experienced in 2018 that was first disclosed this month. As I noted in that post, their notification specifically mentioned a number of their affected clients. Their disclosure did not, however, provide a total number of patients affected,…
Personal and health insurance information of most of Panama’s citizenry found in unsecured database
Bob Diachenko reports that he found an unprotected and publicly available Elasticsearch cluster containing what appears to be 3,427,396 records of Panamanian citizens. According to Diachenko, each record in tables labeled “patient” contained the following info: full name date of birth national ID number (cedula) medical insurance number (poliza seguro medico) phone email address other…