Commentaries and Analyses – Page 118

Pointed to a phishing campaign targeting the healthcare sector, Microsoft leaps into action to … not even investigate?!

Posted on July 24, 2023 by Dissent

The relaxing Sunday I was looking forward to did not quite work out as planned. Dutch researcher and all-around good-guy Jelle Ursem (aka @SchizoDuckie) got in touch with me about what appeared to him to be a sketchy site allegedly by a well-known prescription management entity. After a few minutes of checking, there was no…

1st Circuit confirms standing for data breach victims

Posted on July 22, 2023 by Dissent

Orrick, Herrington & Sutcliffe LLP write: On June 30, the U.S. Court of Appeals for the First Circuit overruled a district court’s dismissal of a putative class action against a home delivery pharmacy service for allegedly failing to prevent a 2021 data breach that exposed the personally identifiable information (PII) of over 75,000 patients. The class…

Hundreds of children’s medical documents found along Cape Coral streets

Posted on July 22, 2023 by Dissent

Justin Kase and Rachel Murphy report: Hundreds of children’s private records were littered along the streets of Cape Coral. Police picked up most of the documents after they were reported Friday. Read more at WINK News. From the transcript and the video of the news, it appears that these are likely student health records held…

CISA Advisory: Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells

Posted on July 21, 2023 by Dissent

Release Date: July 20 Alert Code: AA23-201A Summary The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory to warn network defenders about exploitation of CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as…

Clop gang to earn over $75 million from MOVEit extortion attacks

Posted on July 21, 2023 by Dissent

Lawrence Abrams takes us through a recent Coveware report on Clop’s shifting strategies and how recent trends in exfiltration-only have impacted the amount of ransom victims are paying. Read his article on BleepingComputer. Related: Coveware: Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments

How we tried to book a train ticket and ended up with a databreach with 245,000 records

Posted on July 21, 2023 by Dissent

To celebrate Franco-German friendship, German Transport Minister Wissing and his French counterpart Beaune came up with something special: 30,000 free Interrail tickets per country for travel in Germany and France for young adults between 18 and 27. Codename: “Passe France Allemagne” However, many things went wrong when the Interrail passes were distributed. In the following, we want…