Security News

An Elasticsearch server holding personal data of 6 million players of the popular mobile game Battle for the Galaxy was discovered insecure and containing over 1 terabyte of unencrypted data, meaning anyone with a link could access data stored on the repository. Battle for the Galaxy is available for Android and iOS devices, via the Steam gaming platform and also through the game publisher's browser-based version of the game.

The Indonesian government is blocking access to the RaidForums hacking forum after the alleged personal information of Indonesian citizens was posted online. While the Indonesian government has not confirmed if the data is legitimate, they have performed a random investigation of 1 million records and believe a more thorough investigation needs to be conducted by the government's information technology and cybersecurity agencies.

Indonesia's government has admitted to leaks of personal data from the agency that runs its national health insurance scheme. On May 20th Kominfo, Indonesia's Ministry of Communication and Information Technology, acknowledged it was aware of a post on notorious stolen-data-mart Raidforums offering to sell a million records leaked from the Badan Penyelenggara Jaminan Sosial, an agency that runs national health insurance scheme Jaminan Kesehatan Nasional.

The High Court of Ireland has issued an injunction against the Conti Ransomware gang, demanding that stolen HSE data be returned and not sold or published. Today, Conti released a decryptor for encrypted files but warned that they still intend to publish or sell data stolen during the attack on the HSE. To try and prevent the release of personal and potentially sensitive medical data, the HSE has received an injunction against the Conti ransomware again from the High Court of Ireland.

More than 100 million Android users are at risk after 23 different mobile apps were found to leak personal data in the wake of rampant cloud misconfigurations. In the case of at least two of the apps, cloud keys were exposed with no safeguards, according to the researchers.

One of America's largest broadband providers, has now deployed RPKI on its network to defend against BGP route hijacks and leaks. "In practical terms, it means that Comcast now both cryptographically signs route information and validates the cryptographic signatures of other networks' route information."

We look into an unnerving case of mixed-up video feeds. We warn you against "Going rogue" when you can't get the download you want from the regular place.

IT pro Rob Dyke says an NHS-backed company not only threatened him with legal action after he flagged up an exposed GitHub repository containing credentials and insecure code, it even called the police on him. What happened next united infosec professionals across the world as well as triggering a crowdfundraiser and a behind-the-scenes legal war: we're told Apperta sent Dyke legal demands, and followed those up by alleging to the cops that he broke Britain's computer security laws.

In short, it's possible to use passing Apple devices to sneak out portions of information from one place to another, such as a computer on the other side of the world, over the air without any other network connectivity. Participating devices broadcast over BLE to other nearby attentive Apple devices, which in turn relay data back over their network connection to Cupertino's servers.

The cybercrime syndicate behind Babuk ransomware has leaked more personal files belonging to the Metropolitan Police Department after negotiations with the DC Police broke down, warning that they intend to publish all data if their ransom demands are not met. "The negotiations reached a dead end, the amount we were offered does not suit us, we are posting 20 more personal files on officers, you can download this archive, the password will be released tomorrow. if during tomorrow they do not raise the price, we will release all the data," the gang said in a statement on their data leak site.