Catalin Cimpanu reports: A security researcher has published today details about four zero-day vulnerabilities impacting an IBM security product after the company refused to patch bugs following a private bug disclosure attempt. The bugs impact the IBM Data Risk Manager (IDRM), an enterprise security tool that aggregates feeds from vulnerability scanning tools and other risk management…
Month: April 2020
Supreme Court to Consider Whether Improper Data Access Violates Computer Crime Law
From EPIC.org: The Supreme Court will decide whether a person who is authorized to access data for some purposes violates the Computer Fraud and Abuse Act if they access the information for other purposes. The case, Van Buren v. United States, concerns a police officer who accessed a law enforcement database to sell the information to…
Southern Ute Indian Tribe says U.S. Treasury Dept. leaked confidential information
The Durango Herald reports: The Southern Ute Indian Tribe is demanding an investigation into the U.S. Treasury Department after the tribe said the department leaked confidential tribal information given to it as part of an effort to obtain funds under the Coronavirus Aid, Relief and Economic Security Act. On Monday, all state, local and tribal…
UniCredit Hackers Try to Sell Employee Data on Cyber-Crime Forums
Daniele Lepido and Sonia Sirletti report: Data on about 3,000 UniCredit SpA employees was put up for sale on cyber-crime forums after a hacking attack. The data went on sale on April 19 and contained what the hacker said was information on UniCredit workers, including emails, phone numbers, encrypted passwords and names, Telsy, a unit…
CISI payment breach leaves members vulnerable to fraud
Robbie Lawther reports: The Chartered Institute for Securities and Investments (CISI) has confirmed that some of its members may have had their financial information stolen after “malicious code” was inserted on its website. It comes after the professional body was made aware that members were noticing fraudulent activity on their credit/debit cards after a payment…
Brandywine Counseling and Community Services notifies patients of ransomware incident
Brandywine Counseling and Community Services, Inc. disclosed a breach. Note that this is not the Brandywine Urology breach recently disclosed but a different entity and a different breach. DataBreaches.net has reached out to Brandywine Counseling to ask for clarification on certain details, but has not received any response by publication time. This incident is not…