Catalin Cimpanu reports: A NASA web app leaked details such as employee usernames, names, email addresses, and project names, ZDNet has learned today from bug hunter Avinash Jain. The exposure originated from one of NASA’s Jira installations, a web app that most companies use for tracking projects or internal bugs and issues. In a report…
Month: January 2019
Massachusetts Enacts Significant Changes to Its Data Breach Notification Law
David M. Brown of Baker Hostetler writes: On Jan. 10, 2019, Massachusetts Gov. Charlie Baker signed legislation that will significantly amend the state’s data breach notification law. The amendments become effective on April 11, 2019. One of the significant changes includes a new requirement to provide an offer of complimentary credit monitoring for “a period…
PH: Locsin says ‘pissed’ contractor ‘took all’ passport data
Updated January 15: Locsin subsequently clarified his claim and said that no data had been removed or stolen, but had been made inaccessible. See this report. Original post: Katrina Domingo reports: MANILA – Some Filipinos renewing their passports may have to present their birth certificates as an additional requirement after a passport production contractor the…
Member of Anonymous sentenced to 10 years’ prison over hospital DDoS
Nate Raymond reports that the Martin Gottesfeld has been sentenced to more than 10 years in prison and $443,000 in restitution for his DDoS attack on Boston Children’s Hospital and another facility in 2014. Gottesfeld had been convicted on August 1, and had shown no remorse for his actions. According to prosecutors, in late 2013,…
A Nasty Trick: From Credential Theft Malware to Business Disruption
Kimberly Goody, Jeremy Kennelly, Jaideep Natu, Christopher Glyer write: FireEye is tracking a set of financially-motivated activity referred to as TEMP.MixMaster that involves the interactive deployment of Ryuk ransomware following TrickBot malware infections. These operations have been active since at least December 2017, with a notable uptick in the latter half of 2018, and have…
UK hacker “BestBuy” sentenced for Mirai botnet attack on Lonestar
Catalin Cimpanu does some great reporting on the sentencing of “BestBuy:” A UK court sentenced today a 30-year-old man to two years and eight months in prison for using a DDoS botnet to viciously attack and take down internet connectivity in Liberia in the fall of 2016. The man is 30-year-old Daniel Kaye, also known…