Catalin Cimpanu reports: In a document published today, the European Commission has revealed that they don’t have any actual evidence of Kaspersky software being used for spying on behalf of the Russian government, as the US government alluded in 2017. The document was the Commission’s reply to a series of questions submitted by Gerolf Annemans,…
Month: April 2019
Five months after disclosing a patient PHI breach involving employee email accounts, Metrocare discloses a second, identical, breach?
On April 5, Metrocare Services in Texas notified HHS that it was notifying 5,290 clients of a breach. A notice on their web site explains: On February 6, 2019, we learned an unauthorized third party gained access into some Metrocare employees’ email accounts beginning on January 2019. We immediately took steps to secure the accounts…
Experts: Breach at IT Outsourcing Giant Wipro
Brian Krebs reports: Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. [NYSE:WIT] is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity. Wipro has refused to respond to questions about the alleged incident. Read more on…
Morrisons granted permission for Supreme Court appeal over data breach ruling
Sebastian McCarthy reports: Morrisons has been granted permission to appeal to the Supreme Court after losing a major court case over a data leak. In October the UK’s fourth-biggest supermarket lost an appeal against a High Court ruling that concluded the firm was legally liable for a former employee leaking personal information about 100,000 staff…
Spear Phishing Campaign Targets Ukraine Government and Military; Infrastructure Reveals Potential Link to So-Called Luhansk People’s Republic
John Hultquist, Ben Read, Oleg Bondarenko, and Chi-en Shen of FireEye explain: In early 2019, FireEye Threat Intelligence identified a spear phishing email targeting government entities in Ukraine. The spear phishing email included a malicious LNK file with PowerShell script to download the second-stage payload from the command and control (C&C) server. The email was…
Don’t Acquire a Company Until You Evaluate Its Data Security
The new issue of Harvard Business Review has an article by Chirantan Chatterjee and D. Daniel Sokol. It begins: When Marriott International acquired Starwood in 2016 for $13.6 billion, neither company was aware of a cyber-attack on Starwood’s reservation system that dated back to 2014. The breach, which exposed the sensitive personal data of nearly 500…