Kartikay Mehrotra of Bloomberg reports: A vulnerability in Microsoft Inc.’s cloud database system left data at thousands of clients exposed to potential cyberattacks for about two years, according to the Israeli cybersecurity firm that discovered the bug. More than 3,300 of the software giant’s customers were exposed to a flaw in its Azure Cosmos DB…
Category: Commentaries and Analyses
Advisories are published, but are enough entities reading them and taking precautions?
Three advisories have been released this week about threat actor groups. One involves ALTDOS, one involves HIVE, and one involves the “OnePercent Group,” whose name may not sound familiar to many. ALTDOS (Joint Advisory) It appears that ALTDOS is getting some serious attention from Singapore’s CSA and other agencies in Singapore. These threat actors who…
Alibaba Cloud data leak ‘violated Cybersecurity Law’ in 2019 and must rectify, local Chinese telecoms regulator says
Coco Feng reports: The telecoms authority of China’s eastern Zhejiang province has told the cloud computing unit of Alibaba Group Holding that it violated the country’s Cybersecurity Law and should make rectifications following a complaint about a 2019 information leak. In a letter dated July 5, the Zhejiang Communications Administration (ZCA) said it found Alibaba Cloud “disclosed…
Hackers Release Data Trove From Belarus in Bid to Overthrow Lukashenko Regime
Ryan Gallagher reports: Opponents of the Belarus government said they have pulled off an audacious hack that has compromised dozens of police and interior ministry databases as part of a broad effort to overthrow President Alexander Lukashenko’s regime. The Belarusian Cyber Partisans, as the hackers call themselves, have in recent weeks released portions of a huge data trove…
Au: Latest OAIC data breach report: a reduction in notifications but persistent concerns about cyber security incidents
Kate Marshall, Veronica Scott, and Jason Kaye of KPMG Law write: The Office of the Australian Information Commissioner (OAIC) now releases bi-annual reports on data breaches that are reported under the Notifiable Data Breaches (NDB) scheme in the Privacy Act 1988 (Cth) (Privacy Act). Its latest report for the period of January 2021 to June 2021 show…
Internal emails raise questions about government’s investigation into Walgreens privacy breach
I am so glad to see a follow-up on this case because I had the same questions about how and why Walgreens did not suffer the same federal penalties as CVS and Rite Aid for the same infringement of HIPAA. My original coverage of this breach is no longer online as the former version of…