Ax Sharma reports: Today, researchers have responsibly disclosed a security vulnerability by exploiting which they could access over 100,000 private employee records of United Nations Environmental Programme (UNEP). The data breach stemmed from exposed Git directories and credentials, which allowed the researchers to clone Git repositories and gather a large amount of personally identifiable information (PII) associated…
Ransomware attack hits short line rail operator OmniTRAX
Nate Tabak reports: Colorado-based short line rail operator and logistics provider OmniTRAX was hit by a recent ransomware attack and data theft that targeted its corporate parent, Broe Group. OmniTRAX confirmed to FreightWaves that the cyberattack had occurred after the Conti ransomware gang posted stolen data from a leak site. The company, however, provided no…
TT: West Shore launches probe after technician’s post on PM’s health
Darlisa Ghouralal reports: West Shore Private Hospital has launched an investigation into an apparent breach of patient confidentiality following a post by a cardiac technologist regarding the medical care of Prime Minister Dr Keith Rowley. […] The post by the technologist, an employee of Cardiovascular Associates Limited (CVA) who is also a part-time independent contractor…
Some ransomware gangs are going after top execs to pressure companies into paying
Catalin Cimpanu reports: A new trend is emerging among ransomware groups where they prioritize stealing data from workstations used by top executives and managers in order to obtain “juicy” information that they can later use to pressure and extort a company’s top brass into approving large ransom payouts. ZDNet first learned of this new tactic earlier…
New Zealand central bank: unnamed third-party file-sharing service was hacked
AP reports: New Zealand’s central bank said Sunday that one of its data systems has been breached by an unidentified hacker who potentially accessed commercially and personally sensitive information. A third party file sharing service used by the Reserve Bank of New Zealand to share and store sensitive information had been illegally accessed, the Wellington-based bank said…
UK: Motor industry employee sentenced in ICO Computer Misuse Act prosecution
A motor industry employee has been sentenced to eight months’ imprisonment, suspended for two years, in a prosecution brought by the Information Commissioner’s Office (ICO). Kim Doyle, who worked for the RAC, transferred personal data to an accident claims management firm without authorisation. Doyle, 33, pleaded guilty to charges of conspiracy to secure unauthorised access…