Philip Bridge writes: […] The Information Commissioner’s Office (ICO) has been keen to change the perception that a data breach can only occur through the actions of someone outside the organisation. Instead, it defines a breach as “any event that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal…
Month: February 2021
One of the World’s Most Prolific Cybercriminals Has Retired – And May Well Be a Bitcoin Billionaire
Hundreds of millions of cards have been stolen from online retailers, banks and payments companies before being sold for cryptocurrency on dozens of online marketplaces. According to Elliptic’s analysis, the founder of one of the most popular carding marketplaces, Joker’s Stash, has retired having amassed a fortune of over $1 billion. Read this article by…
Threat actors claim to have stolen Jones Day files; law firm remains quiet
Over on AdvIntel, Tyler Combs has a post about threat actors attacking law firms. Many of us are already aware of a number of law firms who have been attacked and who have had their firm’s files dumped publicly when they refused to pay ransom demands, but if the biggest law firms fall prey, what…
mHealth Apps Expose Millions to Cyberattacks
Becky Bracken reports: Some 23 million mobile health (mHealth) application users are exposed to application programming interface (API) attacks that could expose sensitive information, according to researchers. Generally speaking, APIs are an intermediary between applications that defines how they can talk to one another and allowing them to swap information. Researcher Alissa Knight with Approov…
Terrorist hackers target Atlassian & Oracle servers
Edward Kost writes: Volatile Cedar, a cybercriminal group affiliated with the Hezbollah Cyber Unit, has resurfaced after disappearing for almost 6 years. The criminal group was suddenly illuminated on the radar after suspicious activity on Oracle and Atlassian servers was discovered. Volatile cedar breached unpatched Atlassian and Oracle servers by exploiting the following vulnerabilities – CVE-2012-3152, CVE-2019-11581,…
The Netherlands: 440,000 EUR fine for hospital for inadequate authentication and logging
Demi Rietveld and Richard van Schaik of DLA Piper write: The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, “Dutch DPA”) has published its decision to impose an administrative fine of EUR 440,000 on Amsterdam hospital OLVG due to the lack of sufficient measures to prevent access to medical records by unauthorised personnel. After complaints, the Dutch…