Kathleen E. Dion of Robinson & Cole writes: The FBI recently issued a Flash alert warning higher education institutions, k-12 schools, and seminaries about increasing numbers of ransomware attacks affecting the education industry. According to the warning, “[s]ince March 2020, the FBI has become aware of PYSA ransomware attacks against U.S. and foreign government entities,…
Category: Commentaries and Analyses
Vulnerability: Est. Millions of Users of Popular Educational Platform Exposed to Account Takeover Threats And More
A lot of universities have been attacked recently. Not all attacks are related to the Moodle vulnerability described in this report (e.g., all the Accellion-related university breaches), but the Moodle vulnerability worth noting and addressing if it applies to your uni. Chase Williams reports: At the beginning of October 2020, the Wizcase cyber research team, led by…
They, too, also issued breach notices…
Each week, I post some articles on this site about breaches involving protected health information or medical information, but there are usually other reports that just get entered on my worksheets for analysis for Protenus. To give you a taste of how many more incidents we record but not necessarily post in a week, I…
As ransomware stalks the manufacturing sector, victims are still keeping quiet
Sean Lyngaas reports: Halvor Molland was asleep on a brisk night in Oslo, Norway’s capital, two years ago when his phone rang around 3 a.m. The computer servers of Norsk Hydro, the global aluminum producer where Molland is senior vice president for communications, had seized up as a crippling ransomware infection spread through the company’s networks….
Phone numbers for 533 million Facebook users leaked on hacking forum
Catalin Cimpanu reports: A threat actor has published the phone numbers and account details for an estimated 533 million Facebook users —about a fifth of the entire social network’s user pool— on a publicly accessible cybercrime forum. According to samples reviewed by The Record today, the leaked data includes information that users posted on their profiles. Information…
Buying Breached Data: When Is It Ethical?
Jeremy Kirk reports: Security practitioners often tread a fine and not entirely well-defined legal line when conducting data breach research. This research can also pose ethical questions when commercial sources for stolen data fall into a gray area. Kirk’s article on DataBreach Today provides a good overview of the issue. And I totally agree with…