Ionut Arghire reports that Chinese hackers exploited Fortinet FortiOS SSL-VPN vulnerability when it was still a zero-day. Mandiant tracks the bug as CVE-2022-42475 (CVSS score of 9.8), and described it as “a buffer overflow issue that could be exploited by remote, unauthenticated attackers to execute code or commands via crafted requests.” Read more at Security Week….
More than 19,000 records released in B.C. school district data breach
Stefan Labbé reports: A school district in B.C. said more than 19,000 personal records from students and staff were accessed in a privacy breach. In a statement Wednesday, School District 42 — which encompasses Maple Ridge and Pitt Meadows — said 19,126 records were publicly released in the afternoon of Jan. 17, 2023. The records…
UK: Students ‘outed without even knowing’ after SU self-id data ‘breach’
Caredig ap Tomos reports: Sensitive data relating to students’ self-identification continued to be shared with students running elections on Cambridge Students’ Union’s voting platform months after the issue was originally raised. Sources have told Varsity that countless students were “effectively outed without even knowing it” because of the ‘breach’ of sensitive data, which took nine months to…
Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner
Bill Toulas reports: Yum! Brands, the fast food brand operator of KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill fast-food restaurant chains, has been targeted by a ransomware attack that forced the closure of 300 locations in the United Kingdom. Read more at BleepingComputer.
ICE releases thousands of immigrants affected by data breach
Hamed Aleaziz reports: Immigration and Customs Enforcement officials have released nearly 3,000 immigrants whose personal information, including birth dates and detention locations, was inadvertently posted on the internet by the U.S. government, according to government officials. Officials accidentally posted the names, birth dates, nationalities and detention locations of more than 6,000 immigrants who claimed to…
No evidence of personal data leak amid national security probe: NHIA
CNA reports: The National Health Insurance Administration (NHIA) on Thursday said there is no evidence that three current and former employees stole data amid a recent probe launched by prosecutors into the National Health Insurance (NHI) system. The suspects — a woman surnamed Hsieh (謝) who is a division chief at the NHIA, a male…