Posts

McDermott: Governor’s take on security breach shows who’s the real ‘enemy of the people’ | Kevin McDermott


This was, in fact, a “freely available” website, with no “permission” needed to access it.

• “This individual [was] acting against a state agency to compromise teachers’ personal information in an attempt to embarrass the state and sell headlines for their news outlet.”

Renaud made clear in his story that he stumbled upon the Social Security numbers while looking for a way to aggregate public teacher certification data. There was no ill intent.

Which brings us to a significant and inexcusable omission: Parson knew that the warning from Renaud was the only reason the administration even learned it was putting teachers at risk. Yet Parson made no mention of that in his press conference.

Parson vowed that “we will not let this crime against Missouri teachers go unpunished.” Parson knows perfectly well there wasn’t any “crime” here.

Only Parson knows why he decided to misrepresent this episode to the public. But it’s worth noting that a PAC that supports him was using those misrepresentations in a fundraising appeal last week.

To review: More than 100,000 teachers were at risk from a security flaw in a state website. A journalist discovered that risk, alerted the state, and even gave the state time to fix the problem before publishing the story. Now Parson is focused not on figuring out who screwed this up, but on persecuting the journalist who revealed the screwup.


Hackers are selling millions of Acer customers’ data as a result of a data breach


(Image credit: securityaffairs)

Acer, a Taiwanese tech company, has announced that its servers in India were hacked, with hackers gaining access to 60GB of users’ data. This is the company’s second data security breach this year.

According to Hindustan Times, Desorden, the gang that claimed responsibility for the hack, accessed data containing individual customer information, corporate customer data, sensitive account information, and financial data.

The hacker group released a video including files and databases holding the information of 10,000 Indian clients. The organization also claimed to have access to over 3,000 sets of Acer retailer and distributor login passwords across India.

Privacy Affairs confirmed that much of the stolen material was accurate after contacting numerous affected parties. As a result, Acer and its customers are in an extremely vulnerable position.

According to the article, Acer said that it had discovered an isolated attack on its local after-sales service system in India and had enacted security processes, which were followed by a complete scan of its systems. The corporation also stated that it is alerting all clients in the country who may be affected.

According to Acer, the incident was reported to local law enforcement and the Indian Computer Emergency Response Team (CERT-In).

“We have recently detected an isolated attack on our local after-sales service system in India.” Acer told BleepingComputer. “Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India.”

We believe Acer declined to pay up the last time a breach like this happened, which is likely why the attackers decided to sell the data rather than try to get Acer to pay up.

In any case, while it appears that Acer is moving in the right direction following the incident, it’s unclear whether the business will be able to recover the stolen data.

This is Acer’s second cyberattack in the last seven months. In March, REvil launched a ransomware attack on the company’s infrastructure. The attackers demanded that Acer pay a $50 million ransom for a decryptor in order to recover…


Journalist warns Missouri about security breach. He’s threatened with criminal charges. – East Bay Times


JEFFERSON CITY, Mo. (AP) — Gov. Mike Parson on Thursday condemned the St. Louis Post-Dispatch for exposing a flaw in a state database that allowed public access to thousands of teachers’ Social Security numbers, even though the paper held off from reporting about the flaw until after the state could fix it.

Parson told reporters outside his Capitol office that the Missouri State Highway Patrol’s digital forensic unit will be conducting an investigation “of all of those involved” and that his administration had spoken to the prosecutor in Cole County.

The governor suggested that the Post-Dispatch journalist who broke the story committed a crime and said the news outlet would be held accountable.

The state’s schools department had earlier referred to the reporter who broke the story as “a hacker.”

The Post-Dispatch broke the news about the security flaw on Wednesday. The newspaper said it discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials.

It notified the Department of Elementary and Secondary Education and gave it time to fix the problem before the story was published.

After removing the pages from its website Tuesday, the agency issued a news release that called the person who discovered the vulnerability a “hacker” — an apparent reference to the reporter — who “took the records of at least three educators.” The agency didn’t elaborate as to what it meant by “took the records” and it declined to discuss the issue further when reached by The Associated Press.

The Post-Dispatch journalist found that the school workers’ Social Security numbers were in the HTML source code of the pages. It estimated that more than 100,000 Social Security numbers were vulnerable.

The source code of a public webpage can be viewed by right-clicking on the page.

The newspaper’s president and publisher, Ian Caso, said in a statement that the Post-Dispatch stands by the story and journalist Josh Renaud, who he said “did everything right.”

“It’s regrettable the governor has chosen to deflect blame onto the journalists who uncovered the website’s problem and brought it to the Department of Elementary…


Data breach extortion. Credential reuse risk. Blackswan zero-days. A Monero cryptojacker. Notes on the ransomware summit.


Attacks, Threats, and Vulnerabilities

Extortionist Hacker Group SnapMC Breaches Networks in Under 30 Minutes (SecurityWeek) Over the past few months, a threat actor has been increasingly breaching enterprise networks to steal data and extort victims, but without disrupting their operations

SnapMC skips ransomware, steals data (NCC Group Research) Over the past few months NCC Group has observed an increasing number of data breach extortion cases, where the attacker steals data and threatens to publish said data online if the victim decides not to pay. Given the current threat landscape, most notable is the absence of ransomware or any technical attempt at disrupting the victim’s operations.

Academics find Meltdown-like attacks on AMD CPUs, previously thought to be unaffected (The Record by Recorded Future) Two academic papers have been published over the past two months detailing new side-channel attacks in AMD processors that have eerily similar consequences to the Meltdown attack disclosed in early 2018, to which AMD CPUs were previously thought to be immune.

How Impersonation Attacks Fool Users (Avanan) Hackers use impersonated messages from reputable brands to fool users. In this case, scammers are impersonating DocuSign.

Once-in-a-decade discovery made by international cyber security company built by former spies (PR Newswire) Field Effect, a global cyber security company, has released details of their discovery of seven 0-day vulnerabilities in Microsoft Windows software and…

Blox Tales: Microsoft Defender Vishing Using AnyDesk (Armorblox) This blog focuses on a Microsoft Defender vishing campaign where attackers tried to get victims to download AnyDesk for an RDP attack.

Heads up: Verizon’s Visible MVNO accounts are getting hacked left and right (AndroidPolice) Users are reporting account hijacks, address changes, and unauthorized purchases

Apparent Verizon Visible hack was credential stuffing attack, says carrier [U] (9to5Mac) Multiple reports of an apparent Verizon Visible hack, with attackers changing shipping addresses, then ordering phones that are charged …

Verizon’s Visible confirms accounts were breached – report (FierceWireless) Some customer accounts for the…
