Security Leftovers
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (bind9 and unbound), Fedora (clamav, firecracker, libkrun, rust-event-manager, rust-kvm-bindings, rust-kvm-ioctls, rust-linux-loader, rust-userfaultfd, rust-versionize, rust-vhost, rust-vhost-user-backend, rust-virtio-queue, rust-vm-memory, rust-vm-superio, rust-vmm-sys-util, and virtiofsd), Red Hat (.NET 6.0, dotnet6.0, and dotnet7.0), Slackware (bind and dnsmasq), and Ubuntu (dotnet6, dotnet7, dotnet8, linux-lowlatency, linux-raspi, linux-nvidia-6.2, and ujson).
-
The Record ☛ New Jersey law enforcement officers sue 118 data brokers for not removing personal info
Over the course of the last week, 118 class action lawsuits were filed against data brokers who allegedly failed to respond to requests from about 20,000 New Jersey law enforcement personnel asking to remove their personal information from the internet.
New Jersey law prohibits the disclosure of home addresses and unpublished telephone numbers for current and retired police officers, prosecutors, and judges, along with their family members. If that information is disclosed, the law requires it be removed within 10 days of a takedown request.
Failure to do so could result in a $1,000 fine per violation.
-
US military notifies 20,000 of data breach after cloud email leak
The U.S. Department of Defense is notifying tens of thousands of individuals that their personal information was exposed in an email data spill last year.
According to the breach notification letter sent out to affected individuals on February 1, the Defense Intelligence Agency — the DOD’s military intelligence agency — said, “numerous email messages were inadvertently exposed to the Internet by a service provider,” between February 3 and February 20, 2023.
TechCrunch has learned that the breach disclosure letters relate to an unsecured U.S. government cloud email server that was spilling sensitive emails to the open internet.
-
Krebs On Security ☛ U.S. Internet Leaked Years of Internal, Customer Emails
The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence, which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade's worth of its internal email -- and that of thousands of Securence clients -- in plain text out on the Internet and just a click away for anyone with a Web browser.