Dan Robinson reports: Many security breaches involve leaks, but not perhaps in the same way as one revealed by noted security consultant Andrew Tierney, who managed to gain unauthorized access to a datacenter via what he delightfully terms the “piss corridor.” Tierney, who works as a consultant for security services outfit Pen Test Partners, revealed in…
Category: Commentaries and Analyses
Chinese hackers targeting Russian government, telecoms: report
Jonathan Greig reports: Chinese hacking groups are targeting the Russian government and organizations in the telecommunications industry, according to a new report from cybersecurity company SentinelOne. The report found that there has been a noticeable increase in Russian targeting by suspected Chinese threat actors. Tom Hegel, senior threat researcher at SentinelOne, attributed the targeting to state-sponsored espionage…
North Korea is targeting hospitals with ransomware, U.S. agencies warn
Kevin Collier reports: The U.S. government said Wednesday that North Korea is behind a recent strain of ransomware cyberattacks on hospitals and other health care facilities. The warning is the starkest alert to date that North Korea, which the U.S. has long alleged uses its hackers to raise money for state programs like its nuclear weapons…
Hungarian authority fines data controller EUR 7,500 data breach and rules free online services not suitable for high-risk processing
Dóra Petrányi, Katalin Horváth, Márton Domokos, and Daniella Huszár of CMS Cameron McKenna Nabarro Olswang LLP write: In the latest decision of the National Authority for Data Protection and Freedom of Information (NAIH), a data controller for a political party, responsible for a data breach where six Excel files were made publicly available through a…
EXCLUSIVE: Marriott hacked again? Yes. Here’s what we know.
On June 28, DataBreaches received a message from an unrecognized sender. The subject was: “Breach of Marriott hotels! Very Important!” DataBreaches’ first thought was, “Seriously? Is this yet another breach involving Marriott or are some kids just trying to leak old data?” As it turned out, this was, in fact, a new breach. But how…
CISA Alert (AA22-181A): MedusaLocker
CISA Alert: (AA22-181A) #StopRansomware: MedusaLocker Summary Actions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce multifactor authentication. Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders…