Sergiu Gatlan reports: The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware. The attackers compromised the federal network after hacking into an unpatched VMware Horizon server using an exploit targeting the Log4Shell (CVE-2021-44228) remote code execution…
Author: Dissent
TX: Dallas Central Appraisal District Systems Still Down a Week After Ransomware Attack
Jacob Vaughn reports: The website, servers and email for the Dallas Central Appraisal District, or DCAD, have been inaccessible after the entire system was attacked by hackers last week. DCAD, which appraises Dallas County properties for tax purposes, announced early last week on social media that it was the victim of a ransomware attack, and it…
District of Massachusetts Dismisses Data Breach Class Action for Lack of Injury
Melanie A. Conroy of Pierce Atwood LLP writes: On October 18, 2022, in Webb v. Injured Workers Pharmacy, LLC, the District of Massachusetts dismissed a class action complaint brought by former pharmacy patients alleging that their sensitive personal information had been exposed in a data breach affecting more than 75,000 customers. In its analysis, the court determined that…
In: Karnataka: Congress alleges voters’ data theft, seeks CM Bommai’s resignation
ANI reports: Bangalore (Karnataka) [India], November 17 (ANI): The Congress on Thursday launched an attack against Karnataka Chief Minister Basavaraj Bommai alleging that he was directly involved in electoral fraud that has come to light in Bengaluru. “Shocking expose reveals that those in citadels of power, including Karnataka CM Basavaraj Bommai, are responsible for theft…
NY: Some internet restored after Albany schools hacked
News10 reports an update on the cyberattack that hit Albany schools in New York earlier this month: Students, faculty, and staff in the City School District of Albany who use Chromebooks to access the internet had their services restored on Monday. District systems and resources are still unavailable, though, for anyone using desktops or laptops,…
To Detail or Not: The Breach Notification Conundrum
Matt Fisher has a post on a topic near and dear to DataBreaches’ heart: how much detail to include in a brief notification. Matt covers the minimum requirements, as mandated by HIPAA, but then starts to consider more complex situations. He writes, in part: Without being able to cover every scenario or nuance, there are…