Massive mortgage and loan data leak gets worse as original documents also exposed

Remember that massive data leak of mortgage and loan data we reported on Wednesday? In case you missed it, millions of documents were found leaking after an exposed Elasticsearch server was found without a password. The documents contained highly sensitive financial data on tens of thousands of ind…
techcrunch.com/2019/01/24/mort

Coming Soon to a Police Station Near You: The DNA ‘Magic Box’

The key phrase: "...In 2017, President Trump signed into law the Rapid DNA Act, which, starting this year, will enable approved police booking stations in several states to connect their Rapid DNA machines to Codis, the national DNA database..."

Hmmm... I wonder how many DNA samples of foreigners are already in that DB?

That's the next step towards #1984
nytimes.com/2019/01/21/science

Millions of bank loan and mortgage documents have online

A trove of more than 24 million financial and banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the U.S., has been found online after a server lapse. The server, running an database, had more than a decade’s worth… techcrunch.com/2019/01/23/fina

Marriott Concedes 5 Million Passport Numbers Lost to Hackers Were Not Encrypted
The overall number of guests affected by the hacking, in which Chinese intelligence is the leading suspect, declined to 383 million. But the passport data is critical to intelligence agencies. nytimes.com/2019/01/04/us/poli

What a surprise!
users cannot avoid location-based ads, investigation finds.
No combination of settings can stop location data being used by advertisers, says report. theguardian.com/technology/201

An Ingenious Data Hack Is More Dangerous Than Anyone Feared

Researchers have discovered that the so-called Rowhammer technique works on "error-correcting code" memory, in what amounts to a serious escalation.

Researchers have significantly increased the scope of the Rowhammer threat - wired.com/story/rowhammer-ecc-

'Cuddly' German chat app slacking on hashing given a good whacking under GDPR: €20k fine
PLAIN TEXT passwords showed up on file-hosting site theregister.co.uk/2018/11/23/k

Self-encrypting deception: weaknesses in the encryption of solid state drives.
Master passwords and faulty standards implementations allow attackers access to encrypted data without needing to know the user-chosen password. zdnet.com/article/flaws-in-sel

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.