In May, DataBreaches dutifully noted The Chattanooga Heart Institute (CHI) on our non-public worksheets. At the time, all we knew was that Karakurt threat actors had claimed to have attacked them and to have exfiltrated 158 GB of data. There was no proof of claim offered, but Karakurt wrote: Employees and patients’ private data will…
Arizona man who extorted Georgia Tech sentenced to prison
ATLANTA, July 27 – Ronald Bell has been sentenced to two years and nine months in prison for extorting Georgia Tech. Bell recruited a security guard to falsely claim that the guard witnessed an assault by its basketball coach in exchange for part of the extortion payout he expected to receive from the university. “Ronald…
CISA Advisory: Preventing Web Application Access Control Abuse
Release Date: July 27, 2023 Alert Code: AA23-208A SUMMARY The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object…
Hobbs has questions about data breach that exposed ESA student info
Gloria Rebecca Gomez reports: A data breach exposed the personal information of thousands of Arizona students enrolled in the state’s school voucher program, according to Gov. Katie Hobbs, but the state’s top education official says it’s not a problem. Earlier this month, ClassWallet, the online financial administration platform that handles payments for Arizona’s Empowerment Scholarship…
Smartphone Vulnerability That Could Expose User Location to Hackers Found by Researchers
Jace Dela Cruz A recent discovery by a PhD student of Northeastern University has revealed a potential vulnerability in text messaging that could expose smartphone users’ location to hackers. PhD student in cybersecurity at Northeastern Evangelos Bitsikas and his research group employed a sophisticated machine-learning program to analyze data from the traditional SMS system, which…
Centers for Medicare and Medicaid notifying 645,000 Medicare members about MOVEit breach (UPDATED)
Update: This incident was reported to HHS as affecting 1,362,470 patients. The Centers for Medicare and Medicaid (CMS) has posted a notice on its site about a data breach at one of its contractors, Maximus Federal Services, Inc. Maximus was one of hundreds of victims of a 0day attack on MOVEit file transfer software by the…