In the process of researching breach reports submitted to HHS, DataBreaches came across a public notice for an incident affecting Primary Health & Wellness Center, LLC in Maryland. The covered entity is to be commended for the details and transparency in their notice, although they do not name the threat actor/group involved or any details…
Raptor Technologies’ unsecured blob exposure was worse than they acknowledged. Here’s what we know — and don’t know — so far.
On January 11, DataBreaches noted a concerning blob exposure discovered by Jerome Fowler and first reported by vpnMentor. As WIRED’s Matt Burgess reported: Last month, security researcher Jeremiah Fowler discovered 800 gigabytes of files and logs linked to school software provider Raptor Technologies. The firm provides software that allows schools to track student attendance, monitor…
German security researchers at risk of prosecution for “hacking” because of a plain text hardcoded password?
Over on Infosec.Exchange, Will Palant (Yellow Flag) posted: German law is making security research a risky business. Current news: A court found a developer guilty of “hacking.” His crime: he was tasked with looking into a software that produced way too many log messages. And he discovered that this software was making a MySQL…
Four-in-ten employees sacked over email security breaches as firms tackle “truly staggering” increase in attacks
Emma Woollacott reports: Nearly half of workers responsible for email security breaches over the last year have been sacked, according to new research, as cyber leaders begin taking a tougher stance amid a surge in attacks. Research from cyber security firm Egress found that 94% of organizations globally have experienced a serious email security incident…
Tilbury District Family Health Team confirms patient data impacted by October ransomware attack
CKXS reports: The fallout continues following last year’s ransomware attack that resulted in a massive data breach at five southwestern Ontario hospitals. The Tilbury District Family Health Team (TDFHT) has confirmed that its patient health information was impacted by the cyberattack on October 23, 2023, which also resulted in varying amounts of patient and staff…
CISA pushes federal agencies to patch Citrix RCE within a week
Sergiu Gatlan reports: Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week. The cybersecurity agency added the flaws to its Known Exploited Vulnerabilities Catalog today, saying that such vulnerabilities are “frequent attack…