Dec 132018

From the maybe-if-we-just-say-it’s-not-our-fault? dept, Gareth Corfield reports:

Ticketmaster is telling its customers that it wasn’t to blame for the infection of its site by a strain of the Magecart cred-stealing malware – despite embedding third-party Javascript into its payments page.

In a letter to Reg reader Mark, lawyers for the controversy-struck event ticket sales website said that Ticketmaster “is of the belief that it is not responsible for the Potential Security Incident”.

They were referring to the June 2018 infection of its UK website with the Magecart payment credential-stealing malware. At the time, Ticketmaster publicly blamed “a customer support product hosted by Inbenta Technologies” for the infection. Inbenta chief exec Jordi Torras immediately hit back, telling us in June: “Had we known that script would have been used in that way, we would have advised against it, as it poses a security threat.”

Read more on The Register.

Dec 132018

Shaun Nichols reports:

Hackers are targetting critical infrastructure providers, including nuclear power and defense agencies, in what may be a state-sponsored attack that’s hiding behind North Korean code.

Discovered by McAfee and dubbed “Sharpshooter”, the operation has been running since November, largely focusing on US-based or English-speaking companies and agencies around the world with an emphasis on nuclear, defense, energy, and financial businesses.

It appears that, for now, the hacking operation is focused mostly on reconnaissance and harvesting sensitive information from the infected machines. McAfee did not note any behavior related to damaging or sabotaging infrastructure.

Read more on The Register.

Dec 132018

Janene Pieters reports:

A data leak affecting the municipality of Amsterdam revealed the names and addresses of residents upset about the city’s home share policy. In one case a phone number was also leaked, AT5 reports.

The data was not recorded on the municipality’s website in an unrecognizable way, according to the Amsterdam broadcaster. Around 10 Amsterdam residents were affected by the leak. Whether the data was misused is unclear. 

Read more on NL Times.

Dec 132018

Laura Hautala reports:

The US doesn’t have a single data privacy law that applies to all fifty states. On Wednesday, a group of 15 US senators indicated it wanted to change the status quo, introducing the Data Care Act.

The bill (PDF) would require companies that collect personal data from users to take reasonable steps to safeguard the information. The act also has provisions to prevent them from using the data in ways that could harm consumers. 

If the bill becomes law, the US Federal Trade Commission would be in charge of implementing it.

“People have a basic expectation that the personal information they provide to websites and apps is well-protected and won’t be used against them,” Sen. Brian Schatz, a Democrat from Hawaii who is sponsoring the bill, said in a press release.

Read more on CNET.

Dec 132018

Lawrence Abrams reports:

A misconfigured server exposed the taxpayer identification numbers, or Cadastro de Pessoas Físicas (CPFs), for 120 million Brazilian nationals for an unknown period of time.

Before a Brazilian national can perform many tasks such as opening a bank account, creating a business, paying taxes, or getting a loan, they must first apply for a Cadastro de Pessoas Físicas. Similar to the U.S.A. Social Security Number, a CPF number become associated with an owner’s financial and personal information and is obviously a risk if they are publicly exposed.

According to new research by InfoArmor, an Apache web server was discovered in March 2018 that was not properly configured and thus exposed data archives that were stored on it. 


While InfoArmor was never able to determine who owned the database, they were able to contact who they think was the hosting provider. Finally, by the end of March the directory was secured and the files was no longer available.

It is not known if any other researchers, or criminals, had discovered the data before it was taken offline. What is concerning is why data such as this was on a third-party server in the first place.

Read more on BleepingComputer.

Update: The InfoArmor report can be found here.