Minimal version

Both my wife and daughter fell ill this week, so I wasn't able to dedicate the usual amount of time to the newsletter. Family first!

I'll share the links that seemed interesting to me, but with less filtering and summarising than usual. I hope you still get value from it.

Dieter Van der Stock

Breaches and leaks

Oh my.

  • Data dump with 87GB of emails and passwords found, dubbed "Collection #1": link
  • Unsecured rsync server exposes 7 years of FBI investigations at the Oklahoma Securities Commission: link
  • 200 million resumes in unsecured MongoDB instance: link
  • Another set of resumes in an unsecured S3 bucket: link
  • Amadeus airline booking system, used by 141 airlines, had "change this ID in the URL to get access" flaw: link
  • Development server left unsecured at VOIPO, calls and text messages leaked: link
  • Data stolen from South Korea's Defense Ministry: link
  • Amazon India had a breach where financial information of sellers was leaked to competing sellers: link
  • A health care provider in Indiana had a third-party breach exposing data of 31,000 patients: link
  • Misconfigured Jira server at NASA: link
  • Ransomware attack on City Hall of Del Rio, Texas: link
  • Several employees fired and fined over the earlier breach at SingHealth, a healthcare system in Singapore: link

Arrests and sentences

Two high-profile ones that I came across this week:

  • Martin Gottesfeld: got 10 years and a $443,000 fine for DDoS'ing the Boston Children's Hospital, as retribution for allegedly mishandling the medical case of a 15-year-old.
  • Daniel Kaye: got two years and eight months for operating a DDoS-for-hire service that took down all Internet access for the country of Liberia.