The Yemen Cyber Army (YCA) has released more data from its hack of the Saudi Ministry of Foreign Affairs (previous coverage here and here). Media sources reported after the first disclosure that Riyadh confirmed the internal Internet network attack but disputed the extent of the hack. At this rate, their protestations might want to be walked…
Month: May 2015
Jersey City Medical Center employee gaffe exposed patients’ PHI in e-mail attachment
Add Jersey City Medical Center to entities experiencing an e-mail breach of PHI. From their statement of April 20, 2015: On February 19, 2015, as part of routine hospital operations, an employee of Jersey City Medical Center accidentally sent an e-mail meant for internal use that included an attached spreadsheet with some patient information to…
Stegosploit hides malicious code in images, this is the future
Pierluigi Paganini reports: The security researcher Saumil Shah from Net Square security has presented at Hack In The Box conference in Amsterdam his Stegosploit project which allows an attacker to embed executable JavaScript code within an image to trigger a drive-by download. The Stegosploit digital steganography project could open new scary scenarios for Internet users that could be infected by viewing a picture on…
HOLA vpn sells users’ bandwidth, founder confirms
Andy writes: The operator of 8chan says the bandwidth of millions of Hola users is being sold for reuse, with some of it even being used to attack his site. Speaking with TorrentFreak, Hola founder Ofer Vilenski says that users’ idle resources are indeed utilized for commercial sale, but that has been the agreement all…
Update: Boyd Hospital recovers records that had become new building owner’s property
HIPAA Journal has an update to a situation I had previously noted on this site – a hospital that failed to remove stored medical records from a building before its new owner took possession – despite, the new owner says, repeated calls on his and a realtor’s part alerting them to the situation. The hospital attempted…
Small businesses trashed in big “Grabit” malware campaign
Darren Pauli reports: Kaspersky researcher Ido Noar says attackers have hit hundreds of small and medium businesses, stealing credentials and documents in a noisy smash-and-grab campaign. Noar says criminals have stolen some 10,000 documents from nanotechnology, education, and media outfits in an attack that foists a newly-discovered strain of malware called “Grabit”. Read more on…