MacKeeper Security Researcher Chris Vickery has found yet another misconfigured database with U.S. voter information and profiles. This one has 154 million records. See my report about it over on the Daily Dot. One day maybe our government or state attorneys general will start actually enforcing some data security on those who create these massive…
Category: Of Note
LinkedIn data breach blamed for multiple secondary compromises
Steve Ragan reports: The LinkedIn compromise has been linked to a number of confirmed incidents where data exfiltration has taken place. It’s possible these incidents are only the tip of the iceberg though, as many of the organizations compromised are service providers with access to customer networks. […] Multiple industry sources have shared additional details…
Motherboard publishes full chat logs with “Guccifer 2.0”
Lorenzo Franceschi-Bicchierai reports: We spoke to the hacker who claimed to have broken into the servers of the Democratic National Committee, who goes by the name of “Guccifer 2.0,” in reference to the notorious hacker who leaked the George W. Bush paintings and recently claimed to have hacked Hillary Clinton’s email server. In the interest of…
To the anonymous researchers who contacted me
Several weeks ago, I reported that some researchers had contacted me anonymously to give me a slew of vulnerabilities they had uncovered in their research. As a result of the FBI’s over-the-top raid on Justin Shafer, they had become scared of trying to notify entities of what they had found. They left it up to me to decide…
International identity-theft ring victimized hundreds, including Hollywood actress, authorities say
Rachel Weiner reports: Federal agents said they have uncovered a massive international identity-theft scheme that victimized at least hundreds and maybe thousands of people, including an actress who appeared in the television shows “Smallville” and “Supergirl.” On Thursday, federal authorities arrested two people in Virginia and two in Georgia who allegedly were part of a…
Screwing up the basics of incident response, Friday edition
For today’s object lesson (and maybe abject lesson), I give you FIS Global and Guaranty Bank and Trust. I’ve written up the incident in more detail over on the Daily Dot, but the short version is a hacker (@1x0123) found a vulnerability in FIS Global’s client portal login and tweeted about it. FIS didn’t respond to him directly. Instead, they…