Bill Toulas reports: The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails. ‘WP HTML Mail’ is a plugin used for designing custom emails, contact form notifications, and generally tailored messages that online platforms send…
Category: Commentaries and Analyses
A data breach that put 688,000 patients at risk just became … even worse
Q: What’s worse than a really bad data breach involving patient and employee data? A: A really bad data breach where the data gets leaked on the internet for everyone to grab for free. In June 2021, DataBreaches.net reached out to Sea Mar Community Health Centers in Washington to alert them to what appeared to…
Unhappy New Year for cybercriminals as VPNLab.net goes offline
Do threat actors feel like walls are closing in on them? They might well be feeling that way — or maybe they should be feeling that way. From Europol, today: This week, law enforcement authorities took action against the criminal misuse of VPN services as they targeted the users and infrastructure of VPNLab.net. The VPN…
Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors
Ravie Lakshmanan reports: An elusive threat actor called Earth Lusca has been observed striking organizations across the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits. “The list of its victims includes high-value targets such as government and educational institutions, religious movements, pro-democracy and human rights organizations…
Polish DPA imposes a fine on Warsaw University of Technology for not complying with its obligation
Background information Date of final decision: 9 December 2021 National case Controller: Warsaw University of Technology Legal Reference: Principles (Art. 5(1)(f), Art. 5(2)), Data protection by design and by default (Art. 25(1)), Security of processing (Art. 32(1), Art. 32(2)) Decision: infringement of GDPR, fine issued Key words: principles, processing, security, data protection Summary of…
Guilford Technical Community College notifies 65,646 affected by ransomware incident in 2020
On September 19, 2020, DataBreaches.net reported that Guilford Technical Community College (GTCC) in North Carolina had reportedly become a ransomware victim of DoppelPaymer on September 13. The following month, this site followed up by asking whether GTCC had notified the more than 43,000 students whose data had appeared on the dark web. A spokesperson for…