After multiple unsuccessful attempts to get a popular Japanese medical online consultation site to secure a misconfigured bucket, researchers at SafetyDetectives have decided to publicly disclose the leak. Doctors Me provides customers with on-demand access to professional medical advice. People can sign up for a monthly unlimited access plan (for less than $3.00 per month)…
Category: Commentaries and Analyses
The Obsession with Faster Cybersecurity Incident Reporting
Tim Erlin writes: Requirements for reporting cybersecurity incidents to some regulatory or government authority are not new, but there has always been a large amount of inconsistency, globally, in exactly what the requirements are. More recently, there’s been a growing trend across government and regulatory bodies in the United States towards shorter timeframes for reporting…
Newer Conti ransomware source code leaked out of revenge
“ContiLeaks,” generally believed to be a Ukrainian security researcher (although that is not confirmed), is at it again. Lawrence Abrams reports that they have now leaked newer malware source code for Conti. Read more about it BleepingComputer.
Indicators of Compromise Associated with AvosLocker Ransomware
There’s a new joint Cybersecurity Advisory (Product ID: CU-000164-MW) out this week. SUMMARY AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. AvosLocker claims to directly handle…
Leaked ransomware documents show Conti helping Putin from the shadows
Matt Burgess of Wired.com reports: For years, Russia’s cybercrime groups have acted with relative impunity. The Kremlin and local law enforcement have largely turned a blind eye to disruptive ransomware attacks as long as they didn’t target Russian companies. Despite direct pressure on Vladimir Putin to tackle ransomware groups, they’re still intimately tied to Russia’s interests. A recent leak from…
Polish SA: record fine of almost $1.2 million imposed on Fortum Marketing and Sales Polska S.A. for personal data breach
Seen at the European Data Protection Board, a decision from the Polish S.A.: Background information Date of final decision: 19 January 2022 Cross-border case or national case: National Case. Controller: Fortum Marketing and Sales Polska S.A. Legal Reference: Integrity and confidentiality (Art. 5(1)(f)), Responsibility of the controller (Art. 24(1)), Data protection by design and by…