U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Unprotected server of Oklahoma Department of Securities exposes millions of government files

A huge trove of data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a server for at least a week. Another data leak made the headlines, a huge trove of data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a server for at least a week. It […]

Oklahoma Department

A huge trove of data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a server for at least a week.

Another data leak made the headlines, a huge trove of data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a server for at least a week.
It is not clear how long data were left exposed online, according to the Shodan search engine, the server had been publicly open since at least November 30, 2018.

The unsecured storage server was discovered by security expert Greg Pollock from UpGuard, it contained 3 terabytes of data including millions of sensitive Government files and years worth of sensitive FBI investigations.

Other documents included social security numbers, names, and addresses
for over a hundred thousand brokers, credentials for remote access to ODS workstations, and communications meant for the Oklahoma Securities Commission.

The server also included email backups from 1999 to 2016, the largest and most recent reaching 16GB in size.

The exposed information includes passwords that could have used by an attacker to remotely access the state agency’s workstations, and credentials to access several internet services.

Digging in the archive it is also possible to find information related to people with AIDS including patient names and T cell counts.

Oklahoma Department

“By the best available measures of the files’ contents and metadata, the data was generated over decades, with the oldest data originating in 1986 and the most recent modified in 2016,” reads a blog post published by UpGuard.

“The data was exposed via an unsecured rsync service at an IP address registered to the Oklahoma Office of Management and Enterprise Services, allowing any user from any IP address to download all the files stored on the server.”

UpGuard immediately notified the discovery to the ODS department, the storage server was secured by the agency.

The Oklahoma Securities Commission published a press release to disclose the data leak, it announced that a forensic team is still investigating the case.

“The Oklahoma Department of Securities (ODS) has initiated a comprehensive review of the circumstances surrounding an incident involving the inadvertent exposure of information during installation of a firewall.” reads the press release.

“An accidental vulnerability of limited duration to a server containing archived data was discovered and immediately secured. The ODS has notified law enforcement and OMES regarding the incident. A forensic team is currently conducting an analysis to determine the type and number of data files that may have been exposed and who may have accessed them.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Oklahoma Department, data leak)

[adrotate banner=”5″]

[adrotate banner=”13″]