Nihal Krishan reports: The U.S. Department of Veterans Affairs has admitted that it failed to adequately protect COVID-19 vaccination status data for about 500,000 of its employees. Following an internal investigation by the VA’s Data Breach Response Service, the agency removed a spreadsheet containing personal details including vaccination status, according to a notice sent to the agency’s…
Rackspace rocked by ‘security incident’ that has taken out some hosted Exchange services
Simon Sharwood reports: Some of Rackspace’s hosted Microsoft Exchange services have been taken down by what the company has described as a “security incident”. The company’s most recent incident report at the time of writing, time-stamped 01:57 Eastern Time on December 3rd, offers the following information. […] Rackspace has no idea when it will be able…
After Discovery of Huge Data Breach, Twitter Alternative Hive Goes Offline
Lucas Ropek reports: Not long after Elon Musk took over Twitter and started doing a whole lot of crazy stuff to the platform, the microblogging app Hive Social saw a huge spike in users. Apparently fed up with Elon’s shit, a bunch of people had decided to try out alternative social media sites—and Hive was one of them. Launched back in…
ConnectWise Quietly Patches Flaw That Helps Phishers
Brian Krebs reports: ConnectWise, which offers a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just weeks after the company quietly patched…
Nl: Forum voor Democratie data leak leaves 93,000 members and former members exposed
Dutch News reports: An IT failure in the app launched last weekend by far right party Forum voor Democratie has placed the names, addresses and bank account numbers of all 93,000 current and past party members in the public domain, broadcaster RTL has reported, following a tip-off. Read more at DutchNews.nl. As Professor Frederik Zuiderveen…
Darknet markets generate millions in revenue selling stolen personal data
Christian Jordan Howell and David Maimon report: …. This trafficking of stolen data between producers, wholesalers, and consumers is enabled by darknet markets, which are websites that resemble ordinary e-commerce websites but are accessible only using special browsers or authorization codes. We found several thousand vendors selling tens of thousands of stolen data products on 30 darknet…