Brian Krebs writes: Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. Here’s a closer look…
Author: Dissent
Follow-up: Woman Who Stole and Sold Protected Health Information Sentenced to 2 ½ Years in Prison
There was a follow-up last week to a case DataBreaches.net has reported on several times, beginning in December, 2020 when Demetrius Cervantes, 46, of McKinney, and Amanda Lowry, 40, of Sherman, Texas pleaded guilty to conspiracy to obtain protected health information from a protected computer. A third conspirator, Lydia Henslee, faced additional charges and subsequently…
EE: Threat actor downloads close to 300,000 personal ID photos
ERR News reports: A hacker was able to obtain over 280,000 personal identity photos following an attack on [Estonia’s] state information system last Friday. The suspect is reportedly a resident of Tallinn. The culprit had already obtained personal names and ID codes and was able to obtain a third component, the photos, by making individual…
McAfee: Babuk ransomware decryptor causes encryption ‘beyond repair’
Jonathan Greig reports that a new report from McAfee Advanced Threat Research gives horrible reviews to Babuk’s cross-platform binary — so horrible that not only should victims not pay them, but affiliates should avoid them. “It seems that Babuk has adopted live beta testing on its victims when it comes to its Golang binary and…
Biden Directs Agencies to Develop Cybersecurity Standards for Critical Infrastructure
Dustin Volz reports: WASHINGTON—President Biden on Wednesday issued a new directive instructing federal agencies to develop voluntary cybersecurity goals for companies that operate U.S. critical infrastructure, a move that came as senior officials said the administration was exploring the possibility of pursuing mandatory standards. Read more on WSJ. Related: Biden Moves to Reinforce Critical Infrastructure…
Feds list the top 30 most exploited vulnerabilities. Many are years old
Dan Goodin reports: Government officials in the US, UK, and Australia are urging public- and private-sector organizations to secure their networks by ensuring firewalls, VPNs, and other network-perimeter devices are patched against the most widespread exploits. In a joint advisory published Wednesday, the US FBI and CISA (Cybersecurity and Infrastructure Security Agency), the Australian Cyber Security Center,…