Tag Archive for: Threatened

Journalist warns Missouri about security breach. He’s threatened with criminal charges. – East Bay Times


JEFFERSON CITY, Mo. (AP) — Gov. Mike Parson on Thursday condemned the St. Louis Post-Dispatch for exposing a flaw in a state database that allowed public access to thousands of teachers’ Social Security numbers, even though the paper held off from reporting about the flaw until after the state could fix it.

Parson told reporters outside his Capitol office that the Missouri State Highway Patrol’s digital forensic unit will be conducting an investigation “of all of those involved” and that his administration had spoken to the prosecutor in Cole County.

The governor suggested that the Post-Dispatch journalist who broke the story committed a crime and said the news outlet would be held accountable.

The state’s schools department had earlier referred to the reporter who broke the story as “a hacker.”

The Post-Dispatch broke the news about the security flaw on Wednesday. The newspaper said it discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials.

It notified the Department of Elementary and Secondary Education and gave it time to fix the problem before the story was published.

After removing the pages from its website Tuesday, the agency issued a news release that called the person who discovered the vulnerability a “hacker” — an apparent reference to the reporter — who “took the records of at least three educators.” The agency didn’t elaborate as to what it meant by “took the records” and it declined to discuss the issue further when reached by The Associated Press.

The Post-Dispatch journalist found that the school workers’ Social Security numbers were in the HTML source code of the pages. It estimated that more than 100,000 Social Security numbers were vulnerable.

Source codes are accessible by right-clicking on public webpages.

The newspaper’s president and publisher, Ian Caso, said in a statement that the Post-Dispatch stands by the story and  journalist Josh Renaud, who he said “did everything right.”

“It’s regrettable the governor has chosen to deflect blame onto the journalists who uncovered the website’s problem and brought it to the Department of Elementary…

Source…

Tokyo Olympics could be threatened by cyberattack, FBI warns


The Olympics are ripe for cyberattacks by nation-state actors, the FBI said in a notification to cybersecurity professionals, adding that these actors could hack or ransom sensitive stolen data.

The games provide an opportunity for state-backed actors to “sow confusion…and advance ideological goals,” the FBI said in a statement.

In its notification, the FBI cited the potential for distributed denial of service (DDoS) attacks – where computers are rendered unavailable to an organization – targeting TV broadcasters, hotels, mass transit, ticketing services and event security infrastructure as a possibility.

TOKYO OLYMPICS: WHAT TO KNOW ABOUT THE 2020 GAMES

DDoS attacks are often part and parcel of ransomware.

Some attacks have already happened. In June, Japan’s Kyodo News reported that information was leaked from a data sharing tool developed by Japanese IT company Fujitsu. The breach involved Japan’s national cybersecurity center which was preparing for potential cyberattacks during the games, Kyodo said.

Olympic meddling from state actors would not be unprecedented. The FBI indicted Russian cyber actors for hacking into computers supporting the 2018 PyeongChang Winter Olympics, culminating in a cyberattack targeting the Opening Ceremony.

And the FBI notification comes in the wake of a joint advisory from The National Security Agency, Cybersecurity and Infrastructure Security Agency and FBI about an active malicious cyber campaign being carried out by the Russian General Staff Main Intelligence Directorate (GRU) targeting hundreds of U.S. and foreign organizations in order to penetrate government and private sector networks.

“GRU continues to be a threat…The scale, reach and pace of their operations is alarming,” a spokesperson from cybersecurity firm Check Point Software told Fox News.

BIDEN TELLS PUTIN TO ‘DISRUPT’ RANSOMWARE GROUPS OPERATING OUT OF RUSSIA

Against a backdrop of global cyber warfare, the usual suspects could be active.

“Given the ongoing rise in temperatures of the ‘Cyber Cold War,’ it is likely that we will see many of those previously linked with recent high profile cyberattacks – such as Russia, China, REvil and other organized groups,”…

Source…

3 months after cyberattack that threatened ‘public health crisis,’ Jersey City MUA computer systems still not fully restored


The recent cyberattack at the Jersey City Municipal Utilities Authority inflicted damage that lasted months and threatened to cause a “public health crisis,” the agency said.

Officials from Jersey City and the autonomous utilities agency have said little about the Sept. 30 ransomware attack, which MUA documents said blocked access to “vital” water and sewer information.

But the MUA spent nearly half a million dollars to address the attack, and the agency’s computer systems were still not fully functional even three months after the cyber incursion, an MUA resolution passed last month shows.

At a Dec. 17 meeting, the MUA Board of Commissioners voted to approve a new $391,000 emergency contract with cyber security firm Digital Team Six for “technical restoration services,” according to a resolution obtained through an Open Public Records request. The new contract was “necessary to avert a public health crisis,” the resolution said.

“Despite repeated efforts … problems continued to be encountered with restoring all of the JCMUA’s internet technology network to full operation,” the resolution states, adding that “it has become increasingly apparent that advanced technical assistance will be required.”

But the extent of the potential “public health crisis” is unclear. JCMUA Executive Director Jose Cunha could not be reached for comment and MUA Board of Commissioners Chair Maureen Hulings declined to comment. Digital Team Six staff did not immediately respond to requests for comment.

The contract comes on the heels of an $18,675 contract with a different information technology firm, as well as a $25,000 contract with Pennsylvania law firm Mullen Coughlin to investigate the incident — putting known expenditures related to the incident at $434,675. MUA officials expected at least $25,000 of that to be covered by insurance.

It’s also unclear exactly what the hacker or hackers wanted to target. However, the attack caused the agency to “lose access to vital information and documentation related to the provision of water and sewerage services to the citizens of the City of Jersey City,” an October resolution reads.

In ransomware attacks, hackers block…

Source…

Hacker tried to blackmail Apple; threatened 319M iCloud accts – 9to5Mac

Digital devices were seized including his phone, computers, and hard drive. NCA investigators found phone records showing Albayrak was the spokesperson for a hacker group calling themselves ‘Turkish …
mac hacker – read more