Sep 19 2018

RBS is doing a great job of tracking the Click2Gov breaches. In their most recent update, they report:

It’s been three months since our original post was published and as feared, breaches of the Click2Gov system continue to be reported. Here is what we’ve learned:

  • Attackers are exploiting an unpatched vulnerability in Oracle’s WebLogic. Early on, we speculated whether the problem was with the Click2Gov application itself and whether it impacted the cloud-based version of the system. It has since come to light that only local installations are at risk. Attackers are gaining access to application servers due to a known vulnerability in WebLogic and escalating the attack from there.

Few other details about the attack methods have come to light. That said, one intriguing detail has remained consistent – only one-time payments are at risk. Data for customers with auto-pay enabled has not been exposed. That does make us wonder if there is another weakness in play, perhaps associated with the form or page used to enter payment information.

  • Nine more incidents involving Click2Gov installations have come to light.

Read more on RBS.

And sure enough, there was another update to note: FireEye issued an analysis and report.

Sep 17 2018

Australian Associated Press reports:

A recent data breach at Perth Mint saw hackers take the personal details of about 3200 customers, far more than initially suspected, but investors have been assured their investment remains safe and secure.

The mint said earlier this month the breach occurred on the system of a third-party technology provider and only involved 13 customers of the Depository Online precious metals trading platform.

Read more on  The West Australian has additional comments from the mint.

Sep 13 2018

G. Wayne Miller reports:

Blue Cross & Blue Shield of Rhode Island has disclosed a breach of personal health-care information affecting 1,567 people that the insurer blames on an unnamed vendor responsible for sending benefits explanations, also known as health-care services summaries, to members.

In a media release Tuesday afternoon, the insurer said that some summaries “were sent to the wrong BCBSRI member in the same household or on the same family policy … In no case, however, was any information disclosed to anyone other than a family member or a person covered on the same family policy.”

Read more on Providence Journal.

Sep 13 2018

Bob Conrad reports:

Student data used in the social networking educational platform Edmodo was stolen a year and a half ago. The Washoe County School District is now considering hiring a consultant to investigate whether any student information was compromised.

Board of Trustees President Katy Simon Holland, speaking from a prepared statement at Tuesday’s board meeting, said student data was not breached

… but parents and members of the community are not buying into any platitudes, it seems. It’s nice to see parents find their voice and speak up about data breaches involving their children’s information. Read more on ThisIsReno.

Sep 11 2018

Akshatha M reports:

In a serious security breach of Karnataka’s famed land record database, 19 acres of government wasteland in Devanahalli were shifted to a private individual illegally last week.

In Gobbaragunte village of Devanahalli taluk, around 40 km from Bengaluru, land value is very high. The incident has caused ripples in the revenue department. Land sharks are believed to be behind the manipulation of records.

This is the third time that the Bhoomi software has been breached. Bhoomi, introduced to digitise land records, came into being in 2002.

Read more on ET Tech.