Security News

Reality Winner, NSA Contractor in Leak Case, Out of Prison
2021-06-15 13:24

A former government contractor who was given the longest federal prison sentence imposed for leaks to the news media has been released from prison to home confinement, a person familiar with the matter told The Associated Press on Monday. Reality Winner, 29, has been moved to home confinement and remains in the custody of the federal Bureau of Prisons, the person said.

Baby Clothes Giant Carter’s Leaks 410K Customer Records
2021-06-11 18:29

Baby clothes retailer Carter's inadvertently exposed the personal data of hundreds of thousands of its customers, dating back years, according to a new disclosure. The Linc system was delivering customers shortened URLs with Carter's purchase and shipping details without basic security protections.

‘Battle for the Galaxy’ Mobile Game Leaks 6M Gamer Profiles
2021-06-03 22:06

An Elasticsearch server holding personal data of 6 million players of the popular mobile game Battle for the Galaxy was found unsecured and containing over 1 terabyte of unencrypted data, meaning anyone with a link could access data stored on the repository. Battle for the Galaxy is available for Android and iOS devices, via the Steam gaming platform and also through the game publisher's browser-based version of the game.

Indonesian govt blocks access to RaidForums hacking forum after data leak
2021-05-24 15:21

The Indonesian government is blocking access to the RaidForums hacking forum after the alleged personal information of Indonesian citizens was posted online. While the Indonesian government has not confirmed if the data is legitimate, they have performed a random investigation of 1 million records and believe a more thorough investigation needs to be conducted by the government's information technology and cybersecurity agencies.

Indonesia’s national health insurance scheme leaks at least a million citizens' records
2021-05-24 02:28

Indonesia's government has admitted to leaks of personal data from the agency that runs its national health insurance scheme. On May 20th Kominfo, Indonesia's Ministry of Communication and Information Technology, acknowledged it was aware of a post on notorious stolen-data-mart Raidforums offering to sell a million records leaked from the Badan Penyelenggara Jaminan Sosial, an agency that runs national health insurance scheme Jaminan Kesehatan Nasional.

Irish High Court issues injunction to prevent HSE data leak
2021-05-20 22:28

The High Court of Ireland has issued an injunction against the Conti ransomware gang, demanding that stolen HSE data be returned and not sold or published. Today, Conti released a decryptor for encrypted files but warned that they still intend to publish or sell data stolen during the attack on the HSE. To try and prevent the release of personal and potentially sensitive medical data, the HSE has received an injunction against the Conti ransomware gang from the High Court of Ireland.

100M Android Users Hit By Rampant Cloud Leaks
2021-05-20 20:45

More than 100 million Android users are at risk after 23 different mobile apps were found to leak personal data in the wake of rampant cloud misconfigurations. In the case of at least two of the apps, cloud keys were exposed with no safeguards, according to the researchers.

Comcast now blocks BGP hijacking attacks and route leaks with RPKI
2021-05-20 19:16

Comcast, one of America's largest broadband providers, has now deployed RPKI on its network to defend against BGP route hijacks and leaks. "In practical terms, it means that Comcast now both cryptographically signs route information and validates the cryptographic signatures of other networks' route information."

S3 Ep33: Eufy camera leak, Afterburner crisis, and AirTags (again) [Podcast]
2021-05-20 18:59

We look into an unnerving case of mixed-up video feeds. We warn you against "going rogue" when you can't get the download you want from the regular place.

NHS-backed org reacted to GitHub leak disclosure with legal threats and police call, complains IT pro
2021-05-14 10:02

IT pro Rob Dyke says an NHS-backed company not only threatened him with legal action after he flagged up an exposed GitHub repository containing credentials and insecure code, it even called the police on him. What happened next united infosec professionals across the world as well as triggering a crowdfundraiser and a behind-the-scenes legal war: we're told Apperta sent Dyke legal demands, and followed those up by alleging to the cops that he broke Britain's computer security laws.