digitalcourage.social is one of the many independent Mastodon servers you can use to participate in the fediverse.

#govsec

Dissent Doe

NEW:

Paying cyberattackers is wrong, right? Should Taos County's incident be an exception?

CAUTION: Post contains mention of CSA:

https://databreaches.net/2025/07/23/paying-cyberattackers-is-wrong-right-should-taos-countys-incident-be-an-exception/

#databreach #extortion #govsec #cybersecurity #accountability

Dissent Doe

A state forensics lab was leaking its files. Getting it locked down involved a number of people, notably @JayeLTee and @masek, although yours truly was also involved, as were others:

https://databreaches.net/2025/06/22/a-state-forensics-lab-was-leaking-its-files-getting-it-locked-down-involved-a-number-of-people/

#dataleak #responsibledisclosure #infosec #govsec

Related:
https://jltee.substack.com/p/forensic-lab-with-links-to-montana-doj-leaks-phone-extracts

https://blog.literarily-starved.com/2025/06/postmortem-assumed-doj-montana-leak-of-phone-dumps/

Dissent Doe

York County, Pennsylvania incident:

An employee of a vendor that had been hired to develop software for York County Civil Courts was provided “with certain York County Civil Courts data to use for software development and testing purposes. The employee subsequently left the vendor’s employment without returning this data,” according to the county's press release.

So it seems they gave the vendor's employee REAL data to use for development and testing -- with "contact information, Social Security numbers, driver’s license or state ID card numbers, financial and medical information"

And of course, there's no evidence of misuse, but they have referred the matter to law enforcement.....

h/t, https://www.pennlive.com/news/2025/05/central-pa-county-alerts-residents-of-potential-data-leak.html

#infosecurity #govsec #insiderthreat

Dissent Doe

A county auditor was ordered to pay $80k to a town after their error sent the funds to fraudsters. I don't recall ever seeing an order like this before.

https://databreaches.net/2025/04/24/county-auditor-ordered-to-pay-80k-after-cyberattack/

#databreach #fraud #phishing #govsec #mandamus #negligence

Dissent Doe

WBAL-TV11 started digging into the #Kairos attack on the State Attorney's Office for the City of Baltimore.

Kairos had exfiltrated 325 GB of files, and none of it appeared to have been protected with any encryption. My previous report on the incident can be found here: https://databreaches.net/2025/04/19/baltimore-city-states-attorneys-office-hacked-data-leaked/

The city has now confirmed they had a breach (they were notified by law enforcement as they hadn't detected it on their own, it seems). But they are not giving out any details or answering any questions. See WBAL-TV's coverage at https://www.wbaltv.com/article/baltimore-states-attorney-office-cybersecurity-incident/64551797

So, of course, I have now filed a public records request under #MPIA to try to get answers to some questions because the state ignored all of my polite email inquiries.

Did I ever mention that I hate not getting answers to questions? :)

#databreach #govsec #cybersecurity

Dissent Doe

NEW by me:

Baltimore City State’s Attorney’s Office hacked; Data leaked

https://databreaches.net/2025/04/19/baltimore-city-states-attorneys-office-hacked-data-leaked/

#databreach #GovSec #cybersecurity #Kairos

Dissent Doe

Shoot the Messenger, Sunday Edition: Reporting on a leak is not unethical, Hamilton County

https://databreaches.net/2025/03/30/shoot-the-messenger-sunday-edition-reporting-on-a-leak-is-not-unethical-hamilton-county/

See the Chattanooga Times Free Press's full OpEd at: https://www.timesfreepress.com/news/2025/mar/30/opinion-reporting-on-a-leak-is-not-unethical/

#journalism #pressfreedom #transparency #incidentresponse #govsec #databreach #FirstAmendment

Dissent Doe

So remember the ransomware attack discovered last July by Columbus, Ohio -- who raced to court to chill the speech of a researcher (David Ross, aka "Goodwolf") who disputed their claims about the breach?

Well, now it comes out that there was also some medical info from emergency services involved in the breach:

https://spectrumnews1.com/oh/columbus/news/2025/02/04/health-information-columbus-cyberattack

They discovered the medical stuff in December and are first sending out letters to those affected now.

#databreach #govsec #healthsec #ransomware #Rhysida

Dissent Doe

It appears Brain Cipher did leak the RIBridges data on their leak site, and it appears to be the same data they had provided to me pre-leak and that I described yesterday:

https://databreaches.net/2024/12/30/more-details-emerge-about-ribridges-data-breach-deloitte-tells-state-threat-actors-have-leaked-data/

And no, none of the data I inspected was encrypted.

The leak site is still iffy to connect to.

#databreach #ransom #healthsec #govsec #Deloitte #cybersecurity

Dissent Doe

Yikes.

Wood County Commissioners pay $1.5M in ransomware:

https://www.sent-trib.com/2024/12/23/wood-county-commissioners-pay-1-5m-in-ransomware/

This was the situation two weeks ago: https://www.toledoblade.com/local/suburbs/2024/12/10/ransomware-attack-cripples-wood-county-computer-systems/stories/20241210087

This incident had not been publicly claimed. Anyone know who did it?

#databreach #ransomware #govsec #infosec #cybersecurity

From the Better-Late-Than-Never Department:

"Washington County is preparing to implement a new policy on how to respond to future cybersecurity attacks after a ransomware strike crippled the county government for more than two weeks earlier this year.

County solicitor Gary Sweat is asking the commissioners to consider approving a “business continuity and disaster contingency” plan that would have a protocol for county workers and its IT department to follow in the event of another cyber emergency."

As a reminder, they paid a $350k ransom to a ransomware gang to get a decryptor key.

observer-reporter.com/news/loc

Observer-Reporter: Washington County considering ‘ransomware’ policy after January cyberattack

In early October, Wayne County in Michigan announced it was the victim of a cyberattack that a source acknowledged involved disruption and a ransom demand.

Today, Interlock has claimed responsibility for the attack and leaked data. They claim: "We offer you more than 130 SQL databases. A large collection of confidential criminal investigation files, personal data of residents."

The leak is 7.7 TB of data. There are six screencaps as POC, and a list of files that can be separately downloaded. From the list, it does look like there is a lot of PII and sensitive info. :(

There doesn't seem to be anything on Wayne's website or FB page at this point about today's leak and claims.

@brett

Threat actors called Valencia Ransomware claim to have hit the City of Pleasanton in California. They have leaked what they claim are 283 GB of files on their dark web leak site. They claim the data includes:

"PII (Names, Full Addresses, DOB, Drivers License's, Credit Cards, Personal Financial Data), Company Financial Data, Sensitive files containing passwords, Employee Resumes, Confidential company documents & more."

There is nothing on the city's website about any attack. I have sent an inquiry to the city to try to find out more. Downloading the data tranche is estimated to take another 29 days or more at the blistering download rates... ugh.

It looks like the RA group called Hunters International claims to have exfiltrated data from the U.S. Marshals. They haven't leaked any actual proof of claims yet, but show some screencaps that are suggestive that they may have data to back up their claims.

Hunters uses icons on their listings. There is nothing on this one to suggest that they have locked/encrypted this target. Nor is it evident how much data they claim to have, total, or how much they are demanding in ransom.

There is no indication of any attack on the US Marshals website. I have emailed them and DOJ to inquire whether they will confirm or deny any claimed attack.