A blog post by Graham Cluley really resonated here this week. It begins: The Plymouth Herald reports on what appears to be an easy-to-avoid gaffe. An eagle-eyed passer-by spotted a password on clear display at Her Majesty’s Passport Office in Ebrington Street, scrawled on a flipchart leaning against an upper window. The paper contacted the UK Home Office,…
Medical records for cardiac patients left unsecured online
On August 2, a researcher contacted DataBreaches.net about a misconfigured Amazon S3 storage bucket they had discovered. The bucket contained more than 10,000 files, recently updated, with protected health information of patients seen by or involved with BioTel Heart cardiac data network. Sometimes it is easy to figure out the likely owner of an Amazon…
North Korean Hacking Group Attacks Israeli Defense Industry
Ronen Bergman and Nicole Perlroth report: Israel claimed Wednesday that it had thwarted a cyberattack by a North Korea-linked hacking group on its classified defense industry. The Defense Ministry said the attack was deflected “in real time” and that there was no “harm or disruption” to its computer systems. However, security researchers at ClearSky, the international cybersecurity…
Check Point researchers uncovered Alexa flaw that exposed personal information and speech histories
Sharon Ross reports: Researchers at Check Point say they identified an exploit in Amazon’s Alexa voice platform that could have given attackers access to users’ personal information, speech histories, and Amazon accounts. In a blog post, they describe the way in which an attack might have been carried out against a user, beginning with a…
RedCurl cybercrime group has hacked companies for three years
Catalin Cimpanu reports: Security researchers have uncovered a new Russian-speaking hacking group that they claim has been focusing for the past three years on corporate espionage, targeting companies across the world to steal documents that contain commercial secrets and employee personal data. Named RedCurl, the activities of this new group have been detailed in a 57-page…
Federal Appeals Court Dismisses CareFirst Data Breach Appeal
From EPIC.org: The D.C. Circuit has ruled that it lacks jurisdiction to hear the appeal of CareFirst customers whose data was stolen in a 2014 data breach. The lower court in Attias v. CareFirst dismissed most of the plaintiffs and claims in the case for failure to allege damages and certified the dismissed claims for appeal. The D.C. Circuit…