Endpoint

1/16/2019
04:30 PM
50%
50%

Oklahoma Data Leak Compromises Years of FBI Data

The Oklahoma Securities Commission accidentally leaked 3 TB of information, including data on years of FBI investigations.

Researchers have disclosed a huge leak of government data stemming from the Oklahoma Securities Commission. As discovered by UpGuard researcher Greg Pollock, 3 TB of data was exposed, including millions of files, many of which pertained to FBI investigations.

The data was exposed on a server sans password protection, meaning anyone with an Internet connection may have had access. Chris Vickery, head of research for UpGuard, reported to Forbes the FBI data had seven years' worth of archive enforcement actions. Files included FBI interviews, emails among people involved with investigations, and letters from witnesses. They named companies involved with investigations, such as AT&T and Goldman Sachs.

Vickery, who calls the incident "massively noteworthy," says the commission had a poor response. Nobody looked into what was done with the trove of data downloaded by the researchers, he says. A spokesperson said the issue was being investigated; when the commission was alerted to the incident in December, it took the server off the public Internet.

Further, when Vickery and Pollock shared the breach, they told the agency it had exposed an rsync server, which holds large data stores and must be password-protected. This was one of several poor security practices the commission showed, in addition to weak passwords on government machines.

Read more details here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor Networks,  4/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-0218
PUBLISHED: 2019-04-22
A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface.
CVE-2019-11383
PUBLISHED: 2019-04-22
An issue was discovered in the Medha WiFi FTP Server application 1.8.3 for Android. An attacker can read the username/password of a valid user via /data/data/com.medhaapps.wififtpserver/shared_prefs/com.medhaapps.wififtpserver_preferences.xml
CVE-2019-11459
PUBLISHED: 2019-04-22
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
CVE-2019-11460
PUBLISHED: 2019-04-22
An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's control...
CVE-2019-8452
PUBLISHED: 2019-04-22
A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains t...