Seven Virtual Private Network (VPN) providers who claim not to keep any logs of their users' online activities recently left 1.2 terabytes of private user data exposed to anyone who comes looking. The data, found on a server shared by the services, included the Personally Identifiable Information (PII) of potentially as many as 20 million VPN users, said researchers at vpnMentor, who uncovered the leak. READ MORE...
The government of Cyprus has extradited a 21-year-old accused cybercriminal to the United States after he was accused of breaching a number of U.S. companies as part of a years-long extortion effort. Joshua Epifaniou, a Cypriot national, arrived in New York City on Friday, more than two years after he was initially arrested in connection with a corporate hacking spree. Epifaniou is charged with stealing personal information from at least four sites, then demanding a payment in exchange for not publishing that data. READ MORE...
A threat actor believed to be working for the Iranian government recently launched another round of attacks on Israel's water sector, and a source tells SecurityWeek that the attackers used vulnerable cellular equipment as a point of entry. Israeli authorities confirmed in late April that hackers had targeted industrial control systems (ICS) at several water and wastewater facilities across the country. READ MORE...
Lorien Health Services in Maryland announced that it was the victim of a ransomware incident in early June. Data was stolen and then encrypted during the incident. Responsible for the attack are Netwalker ransomware operators, who leaked the information after Lorien refused to pay the ransom demand. A family-owned nursing home for the elders, Lorien Health Services runs nine locations in Baltimore, Carroll, Harford, and Howard counties, as well as a rehabilitation and fitness facility. READ MORE...
Last week, a "wormable" remote code execution flaw in the Windows DNS Server service (CVE-2020-1350) temporarily overshadowed all the other flaws patched by Microsoft on July 2020 Patch Tuesday, but CVE-2020-1147, a RCE affecting Microsoft SharePoint, was also singled out as critical and requiring a speedy fix. Implementing the offered security updates has since become even more urgent, as more exploitation details and a PoC have been released on Monday. READ MORE...