BlueLeaks' Data Dump Exposes 269GB of Files From Hundreds of Police Departments

Distributed Denial of Secrets (DDoSecrets), a hacktivist group described as an alternative to WikiLeaks, has posted BlueLeaks, "ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources. Among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more."

The files are available, KrebsOnSecurity reports, in a searchable database. The National Fusion Center Association (NFCA) has confirmed the data's validity, saying the leaked files were compiled between August 1996 and June 19, 2020, which covers more than the decade DDoSecrets claimed in their tweeted communiqué. The breach appears to originate with a third party: NCFA believes the data were probably taken from Netsential (a contractor widely used by state fusion centers) by someone who gained entrance to the system using compromised user credentials.

Full article: https://thecyberwire.com/newsletters/daily-briefing/9/120

 

 

Internet Based Devices May Have Issues Following SSL Certificate Expiration

Recently, a number of Roku streaming channels mysteriously stopped working, leaving customers scratching their heads trying to figure out what went wrong.

After some research, Roku's support staff discovered that the issue stemmed from a global certificate expiration.

They advised impacted customers to update their certificates manually by visiting the company's website and following the instructions posted there.

 

Full article: https://www.aimcybersecurity.com/2020/06/20/internet-based-devices-may-have-issues-following-ssl-certificate-expiration/

 

Nintendo Switch User Information

A couple of months ago, Nintendo announced that their Switch gaming and live streaming service had been hacked, and as a result, some 160,000 user accounts had been compromised. As the company has continued their investigation into the incident, however, they've updated their disclosure, revealing that an additional 140,000 accounts were compromised, bringing the total to just over 300,000.

The information gained as a result of the hack includes screen names, dates of birth, the email addresses associated with each account, location, and gender data. If there's a silver lining to be found in the incident, it is the fact that credit card information does not appear to have been accessed.

 

Full Article: https://www.aimcybersecurity.com/2020/06/19/nintendo-switch-user-information-breach-affected-over-300000-users/

This New Malware Is Hitting Exchange Servers To Steal Info

In late 2019, a new strain of malware called "Valak" was detected. In the six months that followed its initial discovery in the wild, more than 30 variants of the code were detected.

Initially, Valak was classified as a simple loading program.

As various groups have tinkered with the code, it has morphed into a much more significant threat, and is now capable of stealing a wide range of user information. That is, in addition to retaining its original capabilities as a loader.

 

Full Article: https://www.aimcybersecurity.com/2020/06/16/this-new-malware-is-hitting-exchange-servers-to-steal-info/

 

 

Major Security Flaw Found In Some Cisco Routers

Recently, Cisco disclosed the existence of four serious security flaws in their routers that use iOS and iOS XE software. One of the four, CVE-2020-3227 is rated at a severity of 9.8 out of 10.

It allows a remote attacker without credentials to execute commands to the operating software without proper authorization, which in turn, allows a hacker to take complete control over the system.

Full Article: https://www.aimcybersecurity.com/2020/06/10/major-security-flaw-found-in-some-cisco-routers/