Security Leftovers

posted by Roy Schestowitz on Aug 29, 2023

• iVerify is now an independent company!

  We’re proud to announce that iVerify is now an independent company following its four-year incubation at Trail of Bits.

• Two Men Arrested Following Poland Railway Hacking

  Polish police have arrested two men suspected of illegally hacking into the national railway's communications network, causing disruption to 20 trains.

• Leaseweb Reports Cloud Disruptions Due to Cyberattack

  Dutch cloud company Leaseweb shut down some critical systems last week due to a cyberattack.

• Ohio History Organization Says Personal Information Stolen in Ransomware Attack

  Personal information stolen in ransomware attack at Ohio History Connection posted online after organization refuses to pay ransom.

• 3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack

  Three bankrupt cryptocurrency companies — FTX, BlockFi and Genesis — suffered data breaches following a SIM swapping attack at Kroll. 

• Security updates for Monday

  Security updates have been issued by Debian (chromium, clamav, librsvg, rar, and unrar-nonfree), Fedora (caddy, chromium, and xen), and SUSE (ca-certificates-mozilla, gawk, ghostscript, java-1_8_0-ibm, java-1_8_0-openjdk, php7, qemu, and xen).

• Update: Tucson Unified School District sends out notifications about January cyberattack

  There’s another update to the January cyberattack on TUSD by the Royal ransomware group. While the district was still claiming that sensitive data hadn’t been compromised, data from employees was already being leaked on the dark web as early as February.

• Security breach at land registry exposes millions of addresses

  A data breach at the Dutch land registry Kadaster has exposed the addresses of every homeowner in the Netherlands, an investigation by RTL Nieuws has found.

  The privacy watchdog AP called for the agency to close the loophole immediately after it was discovered by journalists.

  The Kadaster’s website includes a search facility that allows anyone to find the owner of a registered property.

• Medical organizations and IT vendors “should bear part of the cyber damage”.

  A document released on August 24 by the Japan Medical Association Policy Research Institute (Nichi-Isouken), which aims to plan medical policy, is causing controversy on SNS. Regarding contracts and responsibility sharing between medical institutions and system vendors, based on the “principle of good faith”, if the vendor’s risk explanation is insufficient, the medical institution will assume a certain amount of responsibility even if there is no description in the contract. may be questioned.”

• Medically-tailored food provider, PurFoods, discloses data breach

  PurFoods, which positions itself as a provider of “tailored home-delivered meals,” has reported a data breach affecting over 1.2 million people.

  PurFoods (doing business as Mom’s Meals) filed a data breach report with the Maine Attorney General’s Office, stating that attackers acquired sensitive info such as name or other personal identifier, together with financial account number or payment card (credit or debit) number, security and access codes, and passwords or PINs for the account.