News
Minimal version
Both my wife and daughter fell ill this week, so I wasn't able to dedicate the usual amount of time to the newsletter. Family first!
I'll share the links that seemed interesting to me, but with less filtering and summarising than usual. I hope you still get value from it.
Breaches and leaks
Oh my.
- Data dump with 87GB of emails and passwords found, dubbed "Collection #1": link
- Unsecured rsync server exposes 7 years of FBI investigations at the Oklahoma Securities Commission: link
- 200 million resumes in unsecured MongoDB instance: link
- Another set of resumes in an unsecured S3 bucket: link
- Amadeus airline booking system, used by 141 airlines, had "change this ID in the URL to get access" flaw: link
- Development server left unsecured at VOIPO, calls and text messages leaked: link
- Data stolen from South Korea's Defense Ministry: link
- Amazon India had a breach where financial information of sellers was leaked to competing sellers: link
- A health care provider in Indiana had a third-party breach exposing data of 31,000 patients: link
- Misconfigured Jira server at NASA: link
- Ransomware attack on City Hall of Del Rio, Texas: link
- Several employees fired and fined over the previous breach at SingHealth, a healthcare system in Singapore: link
Arrests and sentences
Two high-profile ones that I came across this week:
- Martin Gottesfeld: got 10 years and a $443,000 fine for DDoS'ing the Boston Children's Hospital, as retribution for allegedly mishandling the medical case of a 15-year-old.
- Daniel Kaye: got two years and eight months for operating a DDoS-for-hire service that took down all Internet access for the country of Liberia.
Sponsorships
1Password: a password manager worth recommending
After using 1Password Teams for several years, I finally made the leap and moved my personal password vault to them as well. The UX and support are an order of magnitude better than where I came from. And I'm not just saying that because they sponsor me.