Several public websites designed to allow courts across the United States and Canada to manage the personal information of potential jurors had a simple security flaw that easily exposed their sensitive data, including names and home addresses, TechCrunch has exclusively learned.
A security researcher, who asked not to be named for this story, contacted TechCrunch with details of the easy-to-exploit vulnerability, and identified at least a dozen juror websites made by government software maker Tyler Technologies that appear to be vulnerable, given that they run on the same platform.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Budworm: Espionage Group Returns to Targeting U.S. Organizations
October 13, 2022
The Budworm espionage group has mounted attacks over the past six months against a number of strategically significant targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S. state legislature. The latter attack is the first time in a number of years Symantec has seen Budworm targeting a U.S-based ...
- Hospital giant’s IT still poorly a week after suspected ransomware infection
October 12, 2022
Computer systems are still down at CommonSpirit Health – America’s second-largest nonprofit hospital network – more than a week after it was hit by a somewhat mystery cyberattack. The US’s largest Catholic healthcare provider remains very tight-lipped about the root cause of this digital breakdown, and when it expects its systems to come back online. At ...
- Hackers took down U.S. airport web sites, Department of Homeland Security confirms
October 10, 2022
Unknown hackers attacked and temporarily shut down the public-facing websites of at least several major U.S. airports on Monday, a Department of Homeland Security official confirmed to USA TODAY. The official from DHS’ Cybersecurity and Infrastructure Security Agency or CISA, declined to comment on who might have been behind what appeared to be a coordinated series ...
- Utility security is so bad, US DoE offers rate cuts to improve it
October 7, 2022
The US Department of Energy has proposed regulations to financially reward cybersecurity modernization at power plants by offering rate deals for everything from buying new hardware to paying for outside help. In a notice of proposed rulemaking published earlier this week (which nullified a similar 2021 plan), the DoE said the time was right “to establish ...
- Nonprofit hospital network suffers IT meltdown after ‘security incident’
October 6, 2022
America’s second-largest nonprofit healthcare org is suffering a security “issue” that has diverted ambulances and shut down electronic records systems at hospitals around the country. CommonSpirit Health, a Chicago-based organization that has more than 1,000 facilities and 140 hospitals across 21 states, this week copped to an “IT security issue” affecting “some” of its locations. The ...
- Russian Hackers Reveal List of American Targets for Attack
October 5, 2022
A pro-Russian computer hacking cell announced it will be launching a series of cyber attacks on a number of United States government websites in an apparent response to escalating tensions between the country and the North Atlantic Treaty Organization (NATO). In a Telegram post Wednesday, Killnet, a notorious “hacktivist” group formed at the onset of the ...