Jai Vijayan reports: In recent attacks involving the ominously growing RansomHub ransomware, attackers have exploited the so-called ZeroLogon flaw in the Windows Netlogon Remote Protocol from 2020 (CVE-2020-1472) to gain initial access to a victim’s environment. Prior to deploying the ransomware, the attackers have used several dual-use tools, including remote access products from companies like Atera…
Category: Commentaries and Analyses
Google Database Reveals Thousands of Privacy Incidents
Joseph Cox reports: Google has accidentally collected childrens’ voice data, leaked the trips and home addresses of car pool users, and made YouTube recommendations based on users’ deleted watch history, among thousands of other employee-reported privacy incidents, according to a copy of an internal Google database which tracks six years worth of potential privacy and…
Snowflake data breach claims spark war of words over culpability; researchers may have been trolled
Solomon Klappholz reports: Snowflake has pinned the blame on a series of high-profile data breaches in recent days on customers failing to adequately secure production environments by using two-factor authentication. In a statement on 2 June 2024, Snowflake CISO Brad Jones pushed back on claims that major data breaches involving Ticketmaster and Santander were caused by a vulnerability or misconfiguration in Snowflake’s platform. […] Cyber crime intelligence…
Cops Are Just Trolling Cybercriminals Now
Matt Burgess reports: Russian cybercriminals are almost untouchable. For years, hackers based in the country have launched devastating ransomware attacks against hospitals, critical infrastructure, and businesses, causing billions in losses. But they’re out of reach of Western law enforcement and largely ignored by the Russian authorities. When police do take the criminals’ servers and websites offline, they’re often…
Notice of Security Incident – The New Yorker
The New Yorker decided to make fun of security incident notices in a piece by Jay Katsir. From the notice’s “What Happened?” section: In or around November or February, 2018/24, we detected suspicious activity within our system. It was not like in the movies, where a big red “ALERT” message flashes onscreen, but there was…
LifeLabs to appeal court’s decision to release Ontario IPC and BC OIPC breach investigation report
The Office of the Information & Privacy Commissioner for British Columbia issued the following statement on May 23 about a case that raises issues of transparency and claims of privileged information: LifeLabs has announced that it is seeking leave to appeal a court ruling upholding the decision of the Information and Privacy Commissioner of Ontario…