Shashank Bhardwaj reports: Aurora, the bridging and scaling solution for Ethereum (ETH), announced on Tuesday that it had given a $6 million bug bounty to an ethical security hacker by the name of pwning.eth for discovering a critical vulnerability in the Aurora Engine. The bounty was paid by Aurora in collaboration with Immunefi, which is…
Category: Commentaries and Analyses
California Attorney General Reminds Health App Providers of Obligations to Protect Reproductive Health Information
Hunton Andrews Kurth writes: On May 26, 2022, California Attorney General Rob Bonta issued a press release reminding health app providers that California’s Confidentiality of Medical Information Act (“CMIA”) applies to mobile apps that are designed to store medical information, which includes health apps such as fertility trackers. The press release reminds health app providers that the…
SSNDOB Marketplace, A Series Of Websites That Listed More Than 20 Million Social Security Numbers For Sale, Seized And Dismantled In International Operation
Tampa, Florida – United States Attorney Roger B. Handberg, along with Special Agent in Charge Darrell Waldon for the IRS – Criminal Investigation Washington D.C. Field Office, and Special Agent in Charge David Walker for the FBI – Tampa Division, today announced the seizure of the SSNDOB Marketplace, a series of websites that operated for…
LockBit tries to get media’s attention for their response to a Mandiant analysis
One of the most hated threat intel companies in the world is Mandiant, and they are hated because they are often right. But this week, LockBit decided to respond in a somewhat different way to one of Mandiant’s recent claims. The ransomware group published a notice on their leak site yesterday saying that 356,841 files…
AU: Researcher finds ACY Securities leaking 60 GB of User Data
ACY Securities describes itself as one of Australia’s fastest growing multi-asset online CFD trading providers. But as first reported by HackRead, the trading firm was leaking 60 GB of user data until independent researcher Anurag Sen persisted in trying to alert them to a misconfigured Elasticsearch database. As seen by Hackread, the data included personally…
What Counts as “Good Faith Security Research?”
Brian Krebs writes: The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting…