Vildan Altuglu, Maria Salgado, Omur Celmanbet, Rezwan Haque, and Lucia Yanguas of Cornerstone Research write: The COVID-19 pandemic, which has generated a surge in telehealth and introduced the concept of contact tracing into our daily lives, is likely to expose businesses and governments to an increased risk of data privacy and data breach class actions…
Category: Commentaries and Analyses
A Hacker Got All My Texts for $16
If this story doesn’t scare you, I don’t know what will. Joseph Cox reports: I didn’t expect it to be that quick. While I was on a Google Hangouts call with a colleague, the hacker sent me screenshots of my Bumble and Postmates accounts, which he had broken into. Then he showed he had received…
NY: Home care agency notifies more than 92,000 after ransomware attack
Back in January, Sodinokibi (REvil) threat actors added Preferred Home Care of New York to their dark web leak site. At the time, the threat actors did what they usually do — they posted a few screencaps as proof of access. The screencaps showed directories of folders and images of identity cards of people working…
Former Roswell Park nurse pleads guilty to tampering with a consumer product
Articles on breaches involving protected health information (PHI) often raise the specter of what could happen if a patient’s records were misused and the patient’s healthcare suffered as a result. Here’s a case where it reportedly happened. This case also raises some questions about access controls and the value of audits and follow-up on audits….
Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits
Lawrence Abrams reports: Threat actors are now installing a new ransomware called ‘DEARCRY’ after hacking into Microsoft Exchange servers using the recently disclosed ProxyLogon vulnerabilities. Since Microsoft revealed earlier this month that threat actors were compromising Microsoft Exchange servers using new zero-day ProxyLogon vulnerabilities, a significant concern has been when threat actors would use it to…
Hackers Rushed in as Microsoft Raced to Avert Mass Cyber-Attack
Kartikay Mehrotra and Alyza Sebenius report that the timing of the attacks exploiting vulnerabilities in Microsoft Exchange right before Microsoft could push patches out has Microsoft considering whether there was some leak that alerted the hackers: Microsoft is now investigating the possibility of a leak that may have triggered these mass Exchange compromises ahead of…