Kaspersky has released its first transparency report concerning requests received from government and law enforcement agencies, and users for data and technical expertise in 2020 and H1 2021. Kaspersky has publicly shared its approach in responding to requests from global government and law enforcement agencies for two categories: user data and technical expertise. It also…
Category: Commentaries and Analyses
Walgreens’ Covid-19 test registration system exposed — and still exposes? — patient data
Sara Morrison reports: If you got a Covid-19 test at Walgreens, your personal data — including your name, date of birth, gender identity, phone number, address, and email — was left on the open web for potentially anyone to see and for the multiple ad trackers on Walgreens’ site to collect. In some cases, even…
SuspectFile intervista AvosLocker: nuovi dettagli sulla variante avos2
Marco A. DeFelice has a post about AvosLocker that is in both Italian and English, in different parts. The English part is a bit of an interview or chat Marco had with their spokesperson. They use the opportunity to explain how superior they believe their new variant, .avos2, is. You can read it all on…
Education Department Updates Rules and Criminal Penalties for Accessing Agency Data
Aaron Boyd reports: The Education Department is rolling out new rules for accessing and handling agency data by third parties—including students, parents and loan companies—with updated criminal penalties for anyone not following the new statutes. The new rules intend to bring the department into compliance with the 2019 Stop Student Debt Relief Scams Act and…
New .avos2 variant: AvosLocker affiliate extorts $ 85k from victim thanks to old vulnerability in FortiGate VPN
Marco A. De Felice reports: An affiliate of the AvosLocker ransomware group extorts $ 85,000 in bitcoin from a company thanks to a known vulnerability in FortiGate VPN ( CVE-2018-13379 ). A vulnerability that the American multinational had corrected THANKS TO AN UPDATE released IN NOVEMBER 2019 . Those who have not updated their systems are a small company that…
Groove VS Babuk; Groove Ransom Manifesto & RAMP Underground Platform Secret
I’m not sure if you need to be a threat analyst, a drama critic, or a bit of both these days. But Yelisey Boguslavskiy & Anastasia Sentsova of AdvIntel dive in to some of the recent goings on: On September 7, 2021, a representative of the newly-formed Groove ransomware syndicate decided to share their insights…