Sergiu Gatlan reports: A critical Windows zero-day vulnerability, known as Follina and still waiting for an official fix from Microsoft, is now being actively exploited in ongoing phishing attacks to infect recipients with Qbot malware. Proofpoint first reported Monday that the same zero-day was used in phishing targeting US and EU government agencies. Read more at BleepingComputer.
Author: Dissent
Aurora pays $6 mn bug bounty to ethical hacker
Shashank Bhardwaj reports: Aurora, the bridging and scaling solution for Ethereum (ETH), announced on Tuesday that it had given a $6 million bug bounty to an ethical security hacker by the name of pwning.eth for discovering a critical vulnerability in the Aurora Engine. The bounty was paid by Aurora in collaboration with Immunefi, which is…
California Attorney General Reminds Health App Providers of Obligations to Protect Reproductive Health Information
Hunton Andrews Kurth writes: On May 26, 2022, California Attorney General Rob Bonta issued a press release reminding health app providers that California’s Confidentiality of Medical Information Act (“CMIA”) applies to mobile apps that are designed to store medical information, which includes health apps such as fertility trackers. The press release reminds health app providers that the…
SSNDOB Marketplace, A Series Of Websites That Listed More Than 20 Million Social Security Numbers For Sale, Seized And Dismantled In International Operation
Tampa, Florida – United States Attorney Roger B. Handberg, along with Special Agent in Charge Darrell Waldon for the IRS – Criminal Investigation Washington D.C. Field Office, and Special Agent in Charge David Walker for the FBI – Tampa Division, today announced the seizure of the SSNDOB Marketplace, a series of websites that operated for…
Shields Health Care Group notifies 2,000,000 patients after hack
Shields Health Care Group, Inc. (“Shields”) provides management and imaging services for dozens of covered entities in New England. On March 28, 2022, Shields was alerted to suspicious activity that may have involved data compromise. Their investigation discovered that an unknown threat actor had access to certain systems between March 7 and March 21 and…
Leaking Student Data From US Campus App Found — But is It Real?
Another day, another leak. Another leak, another entity claiming it’s not real data. Another leak, another frustrating experience trying to responsibly disclose. According to Safety Detectives, they found exposed data related to an app called Transact Campus: Transact Campus’ technology integrates several payment functions into a single mobile platform to power student purchases at higher…