
#nationalcybersecuritymonth | DNC warns campaigns about cybersecurity after attempted scam

Source: National Cyber Security – Produced By Gregory Evans

An online “impersonator” of a Democratic National Committee (DNC) staffer tried to contact presidential campaigns, including Sen. Bernie Sanders’s (I-Vt.) campaign, the committee said in a statement to the candidates Wednesday.

Bob Lord, the DNC’s chief security officer, wrote in an email to the campaigns that “adversaries will often try to impersonate real people on a campaign,” The Associated Press reported.

He added that the “adversaries” could try to get campaign workers to “download suspicious files, or click on a link to a phishing site” or set up calls or in-person meetings to record and release.

Lord warned that the “impersonator” contacted the Sanders campaign and at least two others and had a domain registered overseas. But he acknowledged that anyone can register a domain name in any country.  

“Attribution is notoriously hard,” he wrote. “The appropriate authorities have been alerted.”

“If you are using an alternate domain, please refrain from doing so and let us know if you are operating from a domain that others have not corresponded with before,” Lord added. “Do not use your personal mail account for official business.”

Sanders campaign spokesman Mike Casca confirmed the incident with the AP and said the domain was registered in Russia.

“It’s clear the efforts and investments made by the DNC and all the campaigns to shore up our cybersecurity systems are working,” Casca said, according to the AP. “We will remain vigilant and continue to learn from each incident.”

The Hill reached out to the DNC and the Sanders campaign for confirmation.

The Vermont senator said on Friday that he was briefed about a month ago that Russia was attempting to boost support for his campaign.

Democratic campaigns have been cautious about cybersecurity since Hillary Clinton campaign chairman John Podesta’s emails were hacked and published after he received an email seemingly from Google directing him to change his account.


Data about inmates and jail staff spilled by leaky prison app – Naked Security

Inmates’ and correctional facilities employees’ data has been sloshed onto the web, unencrypted and unsecured, in yet another instance of a misconfigured cloud storage bucket.

Security researchers at vpnMentor came across the leak on 3 January during a web-mapping project that was scanning a range of Amazon S3 addresses to look for open holes in systems.

The leaky bucket belongs to JailCore, a cloud-based app meant to manage correctional facilities, including by helping to ensure better compliance with insurance standards by doing things like tracking inmates’ medications and activities. That means that the app handles personally identifiable information (PII) that includes detainees’ names, mugshots, medication names, and behaviors: going to the lavatory, sleeping, pacing, or cursing, for example.

JailCore also tracks correctional officers’ names, sometimes their signatures, and their personally filled out observational reports on the detainees.

Some of the PII is meant to be freely available to the public: details such as detainee names, dates of birth and mugshots are already publicly available from most state or county websites within rosters of current inmates. But another portion of the data is not: that portion includes specific medication information and additional sensitive data, vpnMentor says, such as the PII of correctional officers.

JailCore closed down the data leak between 15 and 16 January: 10 or 11 days after vpnMentor notified it about the breach (and about the same time that the security firm reached out to the Pentagon about it). The company initially refused to accept vpnMentor’s disclosure findings, the firm said.