KrebsOnSecurity broke the story late Friday that First American Financial left data pertaining to "hundreds of millions" of mortgages going back to 2003 exposed on the Internet. Insurance Journal says First American attributed the issue to a "design defect" in an application, and that it's working to fix the problem. It's unknown whether the exposed data have been exploited or misused, but they contain a great deal of sensitive personal information of great potential interest to criminals.
Parties unknown were scanning from TOR exit nodes over the weekend for signs of the BlueKeep vulnerability, ZDNet reports. BlueKeep (CVE-2019-0708) affects the Remote Desktop Protocol in older versions of Windows. 0Patch has a micro-patch for always-on servers and other systems to which Microsoft's patch may be difficult to apply.
According to the Frankfurter Allgemeine, at least three major German firms (Siemens, SAP, and Bosch) are reviewing their relationship with Huawei.
The RobbinHood ransomware that's afflicted Baltimore this month appears to have spread via the EternalBlue vulnerability. EternalBlue, distributed to the world by the ShadowBrokers in 2017, is widely believed to be a zero-day flaw discovered and held for exploitation by NSA, hence reporting in the New York Times and elsewhere that an NSA tool was used against Baltimore. But EternalBlue has been patched since 2017. It's also been used to distribute other malware, notably WannaCry. Perhaps Baltimore should have patched?
Spiegel reports a cryptowar escalation: Germany's Interior Minister Seehofer wants chat apps to deliver plaintext of encrypted communications to law enforcement on demand.