The Los Angeles Times reports that data concerning the US Department of Homeland Security's BioWatch program were exposed for over a decade on a contractor's unsecured server. The data included some sensor locations, lists of bio agents that could be detected, and some contingency plans. The vulnerable site has been shuttered, and the data moved behind a DHS firewall.
According to ZDNet and others, attackers are weaponizing vulnerabilities in Webmin servers, Pulse Secure, and Fortinet VPNs. Users are urged to patch.
SecurityWeek reports that the US Department of Justice unsealed an indictment naming some eighty defendants in a range of online frauds ranging from business email compromise to romance scams. The two lead defendants and several co-conspirators are Nigerian nationals.
InternetUA says the cryptomining rig Ukraine's SBU dismantled at the South Ukraine Nuclear Power Station apparently exposed data about the plant's physical security. Such data are sensitive, and in Ukraine are considered state secrets.
Phishing attempts are mimicking multi-factor authentication login screens, Naked Security says. They aren't, of course: they're simply malicious links. But the appearance is more convincing than that seen in earlier attempts. Sophos advises avoiding email links, being aware of domain names, and foregoing any shortcuts to determining whether accounts are being misused by some third-party.
Crown Sterling has filed a lawsuit against Informa subsidiary UBM alleging breach of contract. Poor reception of Crown Sterling's presentation at Black Hat outlining what the company calls a "paradigm-shifting" contribution to cryptography prompted the suit. Ars Technica has a summary.