Hackers Target Sports Training Clinic, N.C. State; Alabama and Oklahoma Accidentally Leak Security-Sensitive Data

From NextGov:

In case you missed our coverage this week in ThreatWatchNextgov’s regularly updated index of cyber breaches:

Sports Clinic Owner Alleges MLB Hacked His Social Media Presence

DNA Sports Labs, a training and sports science lab in Florida, relied on social media, including YouTube and Facebook for advertising, and depended on PayPal for sales transactions.

The lab’s owner Neiman Nix now alleges in a lawsuit filed in federal court July 14 that Major League Baseball attacked him online over a belief that he was “selling illegal substances to MLB players” and in so doing, ruined his business.

A computer expert Nix hired traced attacks on his YouTube page and his Facebook page to an IP address in New York “where MLB is located,” Nix’s suit states. 

Nix also claims Neil Boland — currently the league’s vice president of information security — personally directed the hack attack. 

MLB released a statement saying, in part, “the allegations in this lawsuit, including the allegations relating to the hacking of DNA Sport Lab’s social media accounts, to be sanctionable under New York law.” 

Improperly Set Up Database Exposed Oklahoma Police, Bank to Physical Intruders

The goof was discovered by security researcher Chris Vickery.

But not before the leaky database potentially compromised the physical security of multiple Oklahoma Department of Public Safety facilities and at least one Oklahoma bank, the Daily Dot reports.

Vickery said he discovered the flawed system one day before the July 7 Dallas police shooting, which claimed the lives of five officers. He initially was concerned about publicly disclosing a vulnerability that could affect law enforcement.

“I was very cautious at first about it,” he said, “but I decided the risk of doing harm with the information I was putting out there wasn’t that great.”

Vickery provided the Daily Dot with images from the database, which were accessible without a username or password. The photos show …

Continue Reading