Billy Camden reports: The founder of a firm at the centre of a major education data breach involving betting companies was subject to a previous government investigation. Unions are now demanding an independent investigation over how the Department for Education gave the firm, which offers screening checks, access to the Learning Records Service database. The…
FBI breach notice rules lauded by states, but some want more
Derek B. Johnson reports: A new FBI policy raises the question about who are the true victims of election systems breaches: local officials who supervise elections or the voters and candidates who depend on a trustworthy ballot? Under a recent policy change, the FBI will notify states if local election systems are hacked, but some…
PIH Health notifies almost 200,000 patients whose protected health information was sitting in employee email accounts that were compromised
Posted by PIH Health on their website on January 10, 2020: Notification of Data Security Incident. January 10, 2020 – PIH Health has become aware of a data security incident that may have impacted personal information and protected health information belonging to certain current and former patients. On January 10, 2020, PIH Health notified potentially…
We’re dung for! Hackers hit firms with ransomware by exploiting Shitrix flaw
Graham Cluley writes: About two weeks ago alarm bells rang over a newly-discovered (and unpatched) flaw in Citrix servers. The vulnerability, technically dubbed CVE-2019-19781 but also known as “Shitrix”, was found to be present on Citrix Application Delivery Controller and Citrix Gateway servers (formerly known as Netscaler ADC and Netscaler Gateway respectively) commonly used on corporate networks. Then we…
Russian National Pleads Guilty to Running Online Criminal Marketplace
Press release from DOJ, January 23. Previous coverage on this threat actor on this site can be found here and here. Russian National Pleads Guilty to Running Online Criminal Marketplace: A Russian national pleaded guilty today to charges related to his operation of two websites devoted to the facilitation of payment card fraud, computer hacking…
Identity and Access Misstep: How an Amazon Engineer Exposed Credentials and More
The UpGuard team reports: UpGuard can now disclose that a repository hosted on GitHub with data from an Amazon Web Services engineer containing personal identity documents and system credentials including passwords, AWS key pairs, and private keys has been secured from public access. The data was committed to a public repository on the morning of…