Solomon Klappholz reports: Snowflake has pinned the blame on a series of high-profile data breaches in recent days on customers failing to adequately secure production environments by using two-factor authentication. In a statement on 2 June 2024, Snowflake CISO Brad Jones pushed back on claims that major data breaches involving Ticketmaster and Santander were caused by a vulnerability or misconfiguration in Snowflake’s platform. […] Cyber crime intelligence…
Author: Dissent
HHS OCR: Covered entities affected by the Change Healthcare breach may delegate tasks of providing HIPAA breach notifications to Change Healthcare
May 31 – Today, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) published an update to the frequently asked questions (FAQs) webpage concerning the Change Healthcare cybersecurity incident. The webpage, first published on April 19, 2024, provides answers to FAQs concerning the Health Insurance Portability and Accountability Act of 1996 (HIPAA)…
Santander customers’ private data put up for sale for $2m by hackers
The Guardian reports: Hackers are attempting to sell confidential information including the bank and credit card numbers of millions of Santander customers to the highest bidder. ShinyHunters posted an advert on a hacker forum for the data, which it says also includes staff HR details, with an asking price of $2m (£1.6m). It is the…
WD & Associates had a breach in February 2023. Individuals still haven’t been notified.
From a summary of Rhode Island’s data breach notification law, as summarized by PerkinsCoie: Notification Obligation. Any Entity to which the statute applies shall provide notification of (i) any disclosure of PI or (ii) any breach of the security of the system, that poses a significant risk of identity theft to any resident of RI whose unencrypted PI…
‘Operation Endgame’ Hits Malware Delivery Platforms
Brian Krebs reports: Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed “the largest ever operation against botnets,” the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced…
911 S5 Botnet Dismantled and Its Administrator Arrested in Coordinated International Operation
A court-authorized international law enforcement operation led by the U.S. Justice Department disrupted a botnet used to commit cyber attacks, large-scale fraud, child exploitation, harassment, bomb threats, and export violations. As part of this operation, YunHe Wang, 35, a People’s Republic of China national and St. Kitts and Nevis citizen-by-investment, was arrested on May 24…