DNA reports: A 17-year-old student in a private school in Chennai’s Tambaram has helped the Indian Railway Catering and Tourism Corporation (IRCTC) fix a bug in its online ticketing platform, which could have exposed millions of passengers and their private information. Ranganathan said that the critical Insecure Object Direct References (IODR) vulnerability on the website…
CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware
Alert (AA21-265A): Conti Ransomware. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment….
MN: Crystal Valley Computer Systems Infected By Ransomware Attack
Southern Minnesota News reports: Mankato-based Crystal Valley says a ransomware attack has infected their computer systems. The attack “severely interrupted” the daily operations, according to a company press release. Read more on SMN. The Crystal Valley Cooperative is a farm supply and grain marketing cooperative that serves Southern Minnesota and Northern Iowa, so this may…
Vermont radio stations dealing with fallout from BlackMatter cyberattack
Katharine Huntley reports: Listeners might not know it, but thousands of people in radio stations across the nation are working around the clock to get commercials on the air after they were targeted by Russian hackers. “It started with an email on Sunday night that you really don’t want to get,” Dan Dubonnet said. […]
Oops? RaidForums data marketplace accidentally exposes private staff page
Ax Sharma reports: RaidForums is an underground place where private databases obtained from data breaches, vulnerability exploits, and credit card information sets are illegally traded by threat actors, or sometimes leaked for free. On RaidForums, the “Staff General” section is typically restricted to internal staff members only, but in an ironic twist of fate, this private section was accidentally left open for viewing by…
KS: Pottawatomie Co. cyber attack encrypts “multiple servers,” extent unclear
Chris Fisher reports: Officials in Pottawatomie County are assessing the extent of a cyber attack discovered last week. Pottawatomie Co. Public Information Officer Becky Ryan confirms that county IT staff discovered an active cyber attack on Friday, September 17. Ryan says the breach encrypted multiple servers, which prevented the access of many systems used every day….