Thomas Claburn reports: Updated A website created for global consultancy Deloitte to quiz people on knowledge of hacking tactics has proven itself vulnerable to hacking. The site, found at the insecure non-HTTPS URL http://deloittehackeriq.com/, makes its YAML configuration file publicly accessible. And within the file, in cleartext, is the username and password for the site’s mySQL database….
STJ would have been a victim of ransomware; Ministry of Health suffers attack
It seems like every week, I am being shown evidence of huge — and I do mean HUGE — data leaks out of two countries: India and Brazil. I do not report on most of them. But I am not surprised to read a news report that Brazilian government agencies have been hit with ransomware….
Police open case into leak of 500 soldiers’ personal data
Unian reports: Ukrainian Ombudsperson’s Office says law enforcers have initiated criminal proceedings over the publication on the Internet of personal data of 500 soldiers who had taken part in the Joint Forces Operation in the Donbas warzone. “As a result of the response on the part of the Ukrainian Verkhovna Rada Commissioner for Human Rights, publication…
Alamance Skin Center reports ransomware attack
Andy Warfield reports: A Cone Health medical practice has been hit by a ransomware cyber attack. The Greensboro-based health system announced this week that on Oct. 21, Alamance Skin Center in Burlington was the victim of a phishing scam or brute force attack used to gain access to the system. Read more on BizJournals.
Update: Newcastle students’ data including home addresses leaked on dark web after cyber attack
Theresa Merkel reports: A range of documents including Newcastle University students’ data has been leaked onto the dark web following the cyberattack that disrupted the university’s IT systems in September. The files were leaked by cybercrime group Doppelpaymer on October 12th and include a full list of students, their specific departments, courses and student numbers. Read more…
Club Fitness Provides Notice of Data Security Incident
A press release discloses a breach involving Club Fitness Holdings, Inc. (“Club Fitness”): On June 18, 2020, Club Fitness discovered a data security event that prevented access to data and programs on its network. Upon learning this, Club Fitness immediately began an investigation, and took action to secure and restore access to its network. Club Fitness…