Hunton Andrews Kurth writes: On May 26, 2022, California Attorney General Rob Bonta issued a press release reminding health app providers that California’s Confidentiality of Medical Information Act (“CMIA”) applies to mobile apps that are designed to store medical information, which includes health apps such as fertility trackers. The press release reminds health app providers that the…
Category: Commentaries and Analyses
SSNDOB Marketplace, A Series Of Websites That Listed More Than 20 Million Social Security Numbers For Sale, Seized And Dismantled In International Operation
Tampa, Florida – United States Attorney Roger B. Handberg, along with Special Agent in Charge Darrell Waldon for the IRS – Criminal Investigation Washington D.C. Field Office, and Special Agent in Charge David Walker for the FBI – Tampa Division, today announced the seizure of the SSNDOB Marketplace, a series of websites that operated for…
LockBit tries to get media’s attention for their response to a Mandiant analysis
One of the most hated threat intel companies in the world is Mandiant, and they are hated because they are often right. But this week, LockBit decided to respond in a somewhat different way to one of Mandiant’s recent claims. The ransomware group published a notice on their leak site yesterday saying that 356,841 files…
AU: Researcher finds ACY Securities leaking 60 GB of User Data
ACY Securities describes itself as one of Australia’s fastest growing multi-asset online CFD trading providers. But as first reported by HackRead, the trading firm was leaking 60 GB of user data until independent researcher Anurag Sen persisted in trying to alert them to a misconfigured elasticsearch database. As seen by Hackread, the data included personally…
What Counts as “Good Faith Security Research?”
Brian Krebs writes: The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting…
Pysa shuttered its leak site before it ever dumped data from more than half a dozen schools. Here’s what we know so far.
The education sector has always been a relatively easy target for cybercriminals. One group in particular — Pysa — earned a reputation for its ransomware attacks on schools. Despite analyses and alerts in March, 2021 by threat intel firms and the U.S. government indicating that Pysa was a major threat to the education sector in…