A compromise of an account has led to improper downloads of a large number of crash records, and the Texas Department of Transportation (TxDOT) is working to notify those affected.
On May 12, 2025, TxDOT identified unusual activity in its Crash Records Information System (CRIS). Further investigation revealed the activity originated from an account that was compromised and used to improperly access and download nearly 300,000 crash reports. TxDOT immediately disabled access from the compromised account.
Personal information included in crash records may contain: first and last name, mailing and/or physical address, driver license number, license plate number, car insurance policy number and other information. Notification, in this case, is not required by law, but TxDOT has taken proactive steps to inform the public by sending letters to notify the impacted individuals whose information was included in the crash reports.
If you received a letter about this matter, please call the dedicated assistance line at 1-833-918-5951 (toll-free), Monday through Friday, from 8 a.m. – 8 p.m. Central Time (excluding U.S. holidays). Please be prepared to provide the engagement number included in the letter.
TxDOT is implementing additional security measures for accounts to help prevent similar incidents in the future. The compromise is under investigation.
A help desk phishing campaign targets an organization's Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication (MFA) protections.
Security researchers have discovered an arbitrary account takeover flaw in Subaru's Starlink service that could let attackers track, control, and hijack vehicles in the United States, Canada, and Japan using just a license plate.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents containing host and user information, including metadata, were posted on a dark web brokerage site. Analysis confirmed that an unidentified threat actor compromised network administrator credentials through the account of a former employee—a technique commonly leveraged by threat actors—to successfully authenticate to an internal virtual private network (VPN) access point, further navigate the victim’s on-premises environment, and execute various lightweight directory access protocol (LDAP) queries against a domain controller.[1] Analysis also focused on the victim’s Azure environment, which hosts sensitive systems and data, as well as the compromised on-premises environment. Analysis determined there were no indications the threat actor further compromised the organization by moving laterally from the on-premises environment to the Azure environment.
Team82 has uncovered the use of a weak random number generator in Synology’s DiskStation Manager (DSM), the Linux-based operating system running on the company’s network-attached storage (NAS) products.
The insecure Math.random() method was used to generate the admin password for the NAS device itself.
Under some rare conditions, an attacker could leak enough information to restore the seed of the pseudorandom number generator (PRNG), reconstruct the admin password, and remotely take over the admin account.
The vulnerability, tracked as CVE-2023-2729, has been addressed by Synology, which has published an advisory.
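The Math.random() weakness described above, shown as a password generator beside a hardened form. This is an added Node.js example, not Synology's or Team82's code; the function names, the alphabet and the small stand-in PRNG (used only to make the determinism visible) are assumptions.

```javascript
// Added example: identifiers and alphabet are assumptions, not DSM code.
const { randomInt } = require("node:crypto");

// Constructed alphabet (57 symbols, look-alike characters removed).
const ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789";

// Draw one alphabet index per character from the supplied index source.
function buildPassword(length, nextIndex) {
  let out = "";
  for (let i = 0; i < length; i++) out += ALPHABET[nextIndex(ALPHABET.length)];
  return out;
}

// WEAK: Math.random() is a non-cryptographic PRNG. Every output is a pure
// function of its internal state, so the password is only as secret as that state.
function weakPassword(length = 16) {
  return buildPassword(length, (n) => Math.floor(Math.random() * n));
}

// Stand-in deterministic PRNG (mulberry32-style). It is NOT the engine's
// Math.random(); it only lets us fix the state to show the property above.
function seededPrng(seed) {
  let s = seed >>> 0;
  return (n) => {
    s = (s + 0x6d2b79f5) >>> 0;
    let t = Math.imul(s ^ (s >>> 15), s | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return Math.floor((((t ^ (t >>> 14)) >>> 0) / 4294967296) * n);
  };
}

// HARDENED: crypto.randomInt() draws from the OS CSPRNG and returns a
// uniformly distributed integer in [0, n), so there is no modulo bias.
function strongPassword(length = 16) {
  return buildPassword(length, (n) => randomInt(n));
}

// True when two generators started from the same state emit the same password.
function reproducibleFromState(seed, length = 16) {
  return buildPassword(length, seededPrng(seed)) === buildPassword(length, seededPrng(seed));
}

console.log("weak (state-derived):", weakPassword());
console.log("same state, same password:", reproducibleFromState(1234));
console.log("hardened (CSPRNG):   ", strongPassword());
```

When reviewing code for this class of bug, flag any Math.random() call whose output feeds a password, token, session identifier or key.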