Edward Booth and Howard Yune report: The Napa Valley College website and network systems were knocked offline as the result of a ransomware attack roughly two weeks ago, a spokesperson for the school has confirmed. Napavalley.edu was still dark as of Saturday afternoon, as NVC continued an investigation that began shortly after the site vanished…
Author: Dissent
Politically motivated cyberattacks by different groups hit Iran steel company and Lithuanian networks
It’s easy to lose track of news elsewhere when every day brings new dramatic headlines here n the U.S., but there have been cyberattacks of note in both Iran and Lithuania this week. Both attacks have been attributed to politically motivated groups, although the attributions have not yet been confirmed: a group calling itself “Gonjeshke…
Dangerous Ruling Says If Someone Goes Onto Your Openly Shared Google Drive, You Can Sue Them For Unauthorized Access
Mike Masnick writes: If you accidentally leave your Google Drive accessible to anyone with the URL, and someone goes there and deletes stuff, is that “unauthorized access” and a violation of the CFAA? To me, the answer should be absolutely not. But in this recent ruling the judge went the other direction (first noted by Evan Brown). So,…
GAO: HHS Needs Improved Data Breach Reporting
Frank Konkel reports: The Government Accountability Office is recommending the Department of Health and Human Services establish a feedback mechanism to improve the effectiveness of its data breach reporting process. The singular recommendation, issued in a June 27 audit, follows a significant increase in the number of data breaches involving unsecured protected health information at HHS….
LockBit 3.0 introduces the first ransomware bug bounty program
Lawrence Abrams reports: The LockBit ransomware operation has released ‘LockBit 3.0,’ introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options. […] LeMagIT’s Valery Marchive discovered that the LockBit 3.0 operation is utilizing a new extortion model, allowing threat actors to buy data stolen during attacks. One of the…
Over 900,000 Kubernetes instances found exposed online
Bill Toulas reports: Over 900,000 misconfigured Kubernetes clusters were found exposed on the Internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks. […] Researchers at Cyble have conducted an exercise to locate exposed Kubernetes instances across the itnernet, using similar scanning tools and search queries to those employed by malicious actors. The results show a…