Lawrence Abrams reports that preliminary reports attributing a mass-wipe to a CVE from 2018 were not quite the whole story. Western Digital had originally told BleepingComputer that the attacks were being conducted through a 2018 vulnerability tracked as CVE-2018-18472, which was not fixed as the device has been out of support since 2015. It turns out that…
Category: Commentaries and Analyses
Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground
Tara Seals reports: After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it’s happened again – with big security ramifications. A new posting with 700 million LinkedIn records has appeared on a popular hacker forum, according to researchers. Analysts from Privacy Sharks stumbled across the data put up for sale on…
Ca: SIM card theft: Discount provider, discount protection?
Tristan Peloquin reports: Telus customers who were victims of SIM card scams are sounding the alarm on apparent flaws in the company’s security systems. An employee of its discount subsidiary Public Mobile even told a customer that the service she uses is “more at risk than others” because she pays less. “If you pay for…
Bits ‘n Pieces
Aultman Health Foundation Notifying Patients of Insider-Wrongdoing The Ohio foundation is notifying approximately 7,000 patients that a former employee accessed their records without business need. HOYA Optical Labs of America Notifying Patients of Ransomware Incident As first reported by HealthITSecurity, the Japanese-headquartered firm notified 3,259 U.S. patients of a ransomware incident. The incident occurred in…
HSE seeks order to help find who uploaded or downloaded files stolen in cyberattack
Ann O’Loughlin reports: Over 20 people either uploaded or downloaded confidential information stolen in last month’s cyberattack on the HSE onto a web service provided by a Google-owned internet security firm, the High Court has heard. Mr Justice Tony O’Connor was told on Friday that late last month approximately 27 files stolen from the HSE…
Facebook Pays $6.5 Million to End Fee Fight in Breach Case
David McAfee reports: Facebook Inc. will pay $6.5 million to class counsel in a lawsuit that alleged the company’s negligence allowed hackers to obtain user information via software bugs, ending a dispute over attorneys’ fees. The parties reached an agreement prior to a hearing scheduled for Thursday, they told Judge William Alsup. The amount is described…