
Tweakers – Lek in systeem van UvA maakte inzage in cijfers van 34.000 studenten mogelijk
“David viel het op dat er een studentnummer in de url stond. Toen logde ik in en vulde zijn studentnummer in. Vervolgens kreeg ik voor een halve seconde zijn naam, naam van het vak en cijfer te zien, waarna we doorverwezen werden naar een foutmelding.”

VRTNWS – Hacking bij bedrijf in vliegtuigonderdelen, 1.000 werknemers in ons land 2 dagen technisch werkloos.
“Werknemers van het bedrijf Asco in Zaventem zijn twee dagen technisch werkloos, omdat de servers van het bedrijf gehackt zijn.”

Arstechnica – Baltiumore’s bill for ransomware: Over $18 million, so far
“Baltimore City Council President Brandon Scott, who will chair a committee reviewing the ransomware incident, published a statement last week calling for the governor to declare a disaster and request funding.”

NakedSecurity – Ex-student records himself using USB Killer to fry college computers
“The defendant, using his personal iPhone, recorded himself inserting the ‘USB Killer’ device into computers and other hardware owned by the college, and making statements including, “I’m going to kill this guy,” then inserting the ‘USB Killer’ device into a USB port, and – after destroying the host device – stating “it’s dead”, and, in […]

NakedSecurity – Scammer pleads guilty to fleecing Facebook and Google of $121m
“… Use strong passwords and consider 2FA to make it harder for crooks to gather intelligence … Consider a “back to base” VPN for remote users so their online security is kept up, even on the road. Think twice about publicly posting personnel information that could be abused in phishing attacks. …”

NackedSecurity – Sacked IT guy annihilates 23 of his ex-employer’s AWS servers
“2FA would have made it much harder for Needham to traipse through Voova’s AWS account posing as “Speedy.” Of course, you also have to lock the door after employees leave by shutting down their accounts.”

Mondaq – “Knuddels.de” EUR 20.000 fine
” … The company was the victim of a hacker attack in summer 2018 during which hackers captured personal data. One reason they were able to do this was that customers’ passwords were saved in plain text on the company server. In addition to this, Knuddels had neglected to install the new version of the […]

KnowBe4 – Cyberheist On Bank Causes Shutdown Of All Operations
… Generally, this type of hack starts with a successful spear phishing attack that opens up the victim’s network to the bad guys who then move laterally and compromise critical systems.

BleepingComputer – Info on over 500.000 students and staff exposed in San Diego School District hack.
Personal information belonging to over half a million students … may have been compromised in a data breach incident. An unauthorized person baited the staff with phishing emails to collect credentials to log into the district’s network services.

NewsChannel11 – Unauthorized users could have accessed private information of 7,700 people following ETSU breach
University officials tell News Channel 11 that two unidentified employees clicked on a link in the phishing scam that was sent to their e-mail accounts.