Hackin9

(credit: DailyDot)

FBI agents, one armed with an assault weapon, reportedly raided the home of a security professional who discovered sensitive data for 22,000 dental patients was available on the Internet, according to a report published Friday.

Justin Shafer, who is described as a dental computer technician and software security researcher, reportedly said the raid happened on Tuesday at 6:30am as he, his wife, and three young children were sleeping. He said it started when his doorbell rang incessantly and someone banged hard on his door. According to Friday's report:

“My first thought was that my dad had died,” Shafer told Daily Dot in a phone interview, “but then as I went to the door, I saw all the flashing blue and red lights.”

With the baby crying in fear from the racket, Shafer opened the door to find what he estimated to be 12 to 15 FBI agents. One was “pointing a ‘big green’ assault weapon at me,” Shafer told Daily Dot, “and the baby’s crib was only feet from the door.”

The agents allegedly ordered Shafer to put his hands behind his back. As they handcuffed him, his 9-year-old daughter cried in terror, Shafter said, and his wife tried to tell the agents that there were three young children in the house.

Once handcuffed, Shafer was taken outside, still in his boxer shorts, still not knowing what was going on or why.

Over the next few hours, the agents seized all of Shafer’s computers and devices—“and even my Dentrix magazines,” Shafer said. “The only thing they left was my wife’s phone.” The seized property list, a copy of which was provided to Daily Dot, shows that federal agents took 29 items.

Enter Eaglesoft

A FBI agent told Shafer the raid stemmed from an incident in February, when Shafer discovered a file transfer protocol server operated by Eaglesoft, a provider of dental practice management software. The FTP server reportedly stored patient data in a way that made it easily accessible to anyone. Shafer contacted DataBreaches.net and asked for help privately notifying the software maker, and once the patient data was secured, the breach notification site published this disclosure. In a blog post of his own, Shafer later discussed the FTP lapse and a separate Eaglesoft vulnerability involving hard-coded database credentials.

Read 3 remaining paragraphs | Comments

 

FBI Warns of Keyloggers Disguised as USBs
Infosecurity Magazine
The FBI is warning that stealthy keystroke loggers could disguise themselves as innocent USB drives or phone chargers—while in reality uploading all input typed into a keyboard by the user. The Feds warned that since portable drives and the like are ...

and more »
 
[CVE-2016-4432] Apache Qpid Java Broker - authentication bypass
 

Techworm

Italian hacker has managed to successfully jailbreak Apple's iOS 9.3.3
Techworm
About Us. Techworm is a Security News Platform that centers around Infosec, Hacking, Xero-days, Malware, Vulnerabilities,Cyber Crime, DDoS, Surveillance and Privacy Issues and to keep you Informed and Secure.

and more »
 
[CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability
 
[SECURITY] [DSA 3587-1] libgd2 security update
 

Techworm

How to check your file integrity with Checksums (MD5, SHA, CRC32)
Techworm
About Us. Techworm is a Security News Platform that centers around Infosec, Hacking, Xero-days, Malware, Vulnerabilities,Cyber Crime, DDoS, Surveillance and Privacy Issues and to keep you Informed and Secure.

 
 
 

RSA: Cloud visibility, analytics crucial to enterprises
TechTarget
RSA's Rashmi Knowles said enterprises today are facing more obstacles than ever before to gain proper security visibility, thanks to the growing volume of data facing infosec teams. Knowles, chief security architect of RSA's EMEA (Europe, Middle East ...

 
 

SiliconANGLE (blog)

CSOs talk ransomware: Peril and profit | #expertANGLE
SiliconANGLE (blog)
“Ransomware has been in the news lately, but this could just as easily be a sustained DDoS. The point is, being .... Build your security measures, and operate your info sec program, with an assumption of breach, not an assumption of safety. Any apathy ...

and more »
 
[CVE-2016-2175] Apache PDFBox XML External Entity vulnerability
 

CSO Australia

The Sorcerer's Apprentice: AI as an amplifier of human failings
CSO Australia
For example, one system identified someone from news agency Al Jazeera as an operative for two opposing terrorist organisations. In simple ... Furthermore, Naughton says the use of AI to support infosec efforts should not be seen as a silver bullet ...

 

Techworm

G.Skill Trident Z DDR4 RAM sets a new overclocking record
Techworm
Gaming RAM are meant to be overclocked but some guys just love to go beyond the limits of overclocking. The component that was stressed today to achieve a new overclocking record was the G.Skill Trident Z gaming RAM. The gaming RAM comprised up ...

 
Internet Storm Center Infocon Status