The government and professionals involved in ransomware incident response have often advised victims not to pay the ransom because even if you pay, you may not get your data back, and you may not get your data deleted by criminals who pinky swear that they will delete it. Then, too, they may pinky swear that…
Category: Commentaries and Analyses
Hackers use zero-day to mass-wipe My Book Live devices
Lawrence Abrams reports that preliminary reports attributing a mass-wipe to a CVE from 2018 were not quite the whole story. Western Digital had originally told BleepingComputer that the attacks were being conducted through a 2018 vulnerability tracked as CVE-2018-18472, which was not fixed as the device has been out of support since 2015. It turns out that…
Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground
Tara Seals reports: After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it’s happened again – with big security ramifications. A new posting with 700 million LinkedIn records has appeared on a popular hacker forum, according to researchers. Analysts from Privacy Sharks stumbled across the data put up for sale on…
Ca: SIM card theft: Discount provider, discount protection?
Tristan Peloquin reports: Telus customers who were victims of SIM card scams are sounding the alarm on apparent flaws in the company’s security systems. An employee of its discount subsidiary Public Mobile even told a customer that the service she uses is “more at risk than others” because she pays less. “If you pay for…
Bits ‘n Pieces
Aultman Health Foundation Notifying Patients of Insider-Wrongdoing The Ohio foundation is notifying approximately 7,000 patients that a former employee accessed their records without business need. HOYA Optical Labs of America Notifying Patients of Ransomware Incident As first reported by HealthITSecurity, the Japanese-headquartered firm notified 3,259 U.S. patients of a ransomware incident. The incident occurred in…
HSE seeks order to help find who uploaded or downloaded files stolen in cyberattack
Ann O’Loughlin reports: Over 20 people either uploaded or downloaded confidential information stolen in last month’s cyberattack on the HSE onto a web service provided by a Google-owned internet security firm, the High Court has heard. Mr Justice Tony O’Connor was told on Friday that late last month approximately 27 files stolen from the HSE…