Chris Vilela reports: Kingston Health Sciences Centre (KHSC) has confirmed that it is currently facing an online access interruption, which a source at the hospital says is related to a possible cyber-security breach. KHSC did not immediately disclose the exact nature of the incident. “We can confirm that KHSC’s internet access and external-facing systems are…
Configuration snafu exposes passwords for two million marijuana growers
Catalin Cimpanu reports: GrowDiaries, an online community where marijuana growers can blog about their plants and interact with other farmers, has suffered a security breach in September this year. The breach occurred after the company left two Kibana apps exposed on the internet without administrative passwords. Read more on ZDNet. h/t, @Chum1ng0
Another k-12 district reports a data breach
This time, it’s Columbus City Schools in Ohio, who report that on May 1, they learned that an employee’s email account had been compromised. Their subsequent investigation resulted in them notifying an undisclosed number of people that their name and social security number had been in the employee’s email account. You can read the October…
23,600 hacked databases have leaked from a defunct ‘data breach index’ site
Catalin Cimpanu reports: More than 23,000 hacked databases have been made available for download on several hacking forums and Telegram channels in what threat intel analysts are calling the biggest leak of its kind. The database collection is said to have originated from Cit0Day.in, a private service advertised on hacking forums to other cybercriminals. Read…
June retrial date set for ex-CIA engineer in leak case
The Associated Press reports: The retrial of a former CIA software engineer charged with leaking secrets to WikiLeaks in an espionage case will begin June 7, a judge said Wednesday. U.S. District Judge Paul A. Crotty set the date for Joshua Schulte over the objections of a defense lawyer who said it would be impossible…
New RegretLocker ransomware targets Windows virtual machines
Lawrence Abrams reports: A new ransomware called RegretLocker uses a variety of advanced features that allows it to encrypt virtual hard drives and close open files for encryption. RegretLocker was discovered in October and is a simple ransomware in terms of appearance as it does not contain a long-winded ransom note and uses email for communication…