Several public websites designed to allow courts across the United States and Canada to manage the personal information of potential jurors had a simple security flaw that easily exposed their sensitive data, including names and home addresses, TechCrunch has exclusively learned.
A security researcher, who asked not to be named for this story, contacted TechCrunch with details of the easy-to-exploit vulnerability, and identified at least a dozen juror websites made by government software maker Tyler Technologies that appear to be vulnerable, given that they run on the same platform.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Water and Wastewater Sector – Incident Response Guide
January 18, 2024
Cyber threat actors are aware of – and deliberately target – single points of failure. A compromise or failure of a Water and Wastewater (WWS) Sector organization could cause cascading impacts throughout the Sector and other critical infrastructure sectors. There are many aspects of the large and complex WWS Sector that pose challenges to raising cyber resilience ...
- TA866 returns with a large Email campaign
January 18, 2024
Proofpoint researchers identified the return of TA866 to email threat campaign data, after a nine-month absence. On January 11, 2024, Proofpoint blocked a large volume campaign consisting of several thousand emails targeting North America. Invoice-themed emails had attached PDFs with names such as “Document_.pdf” and various subjects such as “Project achievements”. The PDFs contained OneDrive ...
- New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs
January 17, 2024
Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States. In this campaign, Mint Sandstorm used bespoke phishing lures in an attempt to socially engineer targets into downloading ...
- Alleged FruitFly malware creator ruled incompetent to stand trial
January 16, 2024
On January 4, 2017, Case Western Reserve University (CWRU), located in Cleveland, Ohio, became aware of an infection on more than 100 of its computers. The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. CWRU began working with the FBI, who determined that the ...
- Known Indicators of Compromise Associated with Androxgh0st Malware
January 16, 2024
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware. Multiple, ongoing investigations and trusted third party reporting yielded the IOCs and TTPs, and provided ...
- Data breach hits Navy contractor Fincantieri Marine Group
January 15, 2024
Italian shipbuilding firm Fincantieri’s U.S. arm Fincantieri Marine Group, which is a contractor for the U.S. Navy, disclosed that it had 16,769 individuals’ data compromised following an April ransomware attack that resulted in significant production disruptions. In breach notification letters sent to impacted individuals earlier this month, FMG said that some of its systems had been ...