Lawrence Abrams reports: Threat actors are now installing a new ransomware called ‘DEARCRY’ after hacking into Microsoft Exchange servers using the recently disclosed ProxyLogon vulnerabilities. Since Microsoft revealed earlier this month that threat actors were compromising Microsoft Exchange servers using new zero-day ProxyLogon vulnerabilities, a significant concern has been when threat actors would use it to…
Category: Commentaries and Analyses
Hackers Rushed in as Microsoft Raced to Avert Mass Cyber-Attack
Kartikay Mehrotra and Alyza Sebenius report that the timing of the attacks exploiting vulnerabilities in Microsoft Exchange right before Microsoft could push patches out has Microsoft considering whether there was some leak that alerted the hackers: Microsoft is now investigating the possibility of a leak that may have triggered these mass Exchange compromises ahead of…
Norway’s parliament hit by new hack attack
Reuters reports: Hackers have infiltrated the Norwegian Parliament’s computer systems and extracted data, officials said on Wednesday, just six months after a previous cyber attack was made public. The attack by unknown hackers was linked to a “vulnerability” in Microsoft’s Exchange software, the parliament said, adding that this was an “international problem”. Read more Reuters….
Told your organisation is leaking data? Here’s how not to respond
How many times have I blogged about “Don’t Shoot the Messenger” — the inappropriate response of some entities when notified that they have a leak or data breach? Here’s a current example, as noted by Graham Cluley. It all started routinely enough: Platform engineer and open source enthusiast Rob Dyke says that he’s found himself…
CIPL Submits Response to the EDPB Guidelines on Examples Regarding Data Breach Notification
Hunton Andrews Kurth writes: On March 2, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response to the European Data Protection Board (“EDPB”) consultation on draft guidelines on examples regarding data breach notification (the “Guidelines”). The Guidelines were adopted on January 14, 2021 for public consultation. The EDPB’s Guidelines are intended to provide concrete personal…
UK: Solicitor caught dumping client files in the street
The SRA has fined a solicitor for dumping rubbish bags containing client information outside his office. Trevor Nicholas Senkatuka was the sole practitioner of the now-defunct firm, Windsor Croft Solicitors, in Essex. The local council fined him for fly-tipping on the pavement outside his office. Council workers took photographs of the bags which revealed that they contained private client information. “The public would…