Distributed Denial of Secrets (DDoSecrets), a hacktivist group described as an alternative to WikiLeaks, has posted BlueLeaks, “ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources. Among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more.” The files are available, KrebsOnSecurity reports, in a searchable database. The National Fusion Center Association (NFCA) has confirmed the data’s validity, saying the leaked files were compiled between August 1996 and June 19, 2020, which covers more than the decade DDoSecrets claimed in their tweeted communiqué. The breach appears to originate with a third party: NCFA believes the data were probably taken from Netsential (a contractor widely used by state fusion centers) by someone who gained entrance to the system using compromised user credentials.
TechCrunch reports that data collected on behalf of clients by Oracle’s BlueKai, which uses cookies and “other tracking tech” to follow users as they browse the web, the better to develop profiles for marketing, were exposed in unsecured servers. Oracle believes the incident to be a misconfiguration issue on the part of two of its customers
The Washington Post summarizes two examinations of widely used COVID-19 contact-tracing and symptom-logging apps. Many are weakly encrypted, and several arguably overshare data with third parties.
India remains jittery over the prospect of Chinese cyberattacks, ET CIO reports. And judging from stories in the Australian Financial Review and elsewhere, Australia remains in high dudgeon over Chinese government hacking.
Source link
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
