Alexander Martin reports: Secret information belonging to the Ministry of Defence was exposed to hostile states when it was transferred from secure networks to personal email accounts, Sky News has learnt. Although documents obtained by Sky News were redacted to obscure the nature of the secret information, they reveal a record number of security breaches…
Category: Commentaries and Analyses
Assessing Damages in Data Privacy and Data Breach Class Actions Involving Health Data in the Wake of COVID-19
Vildan Altuglu, Maria Salgado, Omur Celmanbet, Rezwan Haque, and Lucia Yanguas of Cornerstone Research write: The COVID-19 pandemic, which has generated a surge in telehealth and introduced the concept of contact tracing into our daily lives, is likely to expose businesses and governments to an increased risk of data privacy and data breach class actions…
A Hacker Got All My Texts for $16
If this story doesn’t scare you, I don’t know what will. Joseph Cox reports: I didn’t expect it to be that quick. While I was on a Google Hangouts call with a colleague, the hacker sent me screenshots of my Bumble and Postmates accounts, which he had broken into. Then he showed he had received…
NY: Home care agency notifies more than 92,000 after ransomware attack
Back in January, Sodinokibi (REvil) threat actors added Preferred Home Care of New York to their dark web leak site. At the time, the threat actors did what they usually do — they posted a few screencaps as proof of access. The screencaps showed directories of folders and images of identity cards of people working…
Former Roswell Park nurse pleads guilty to tampering with a consumer product
Articles on breaches involving protected health information (PHI) often raise the specter of what could happen if a patient’s records were misused and the patient’s healthcare suffered as a result. Here’s a case where it reportedly happened. This case also raises some questions about access controls and the value of audits and follow-up on audits….
Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits
Lawrence Abrams reports: Threat actors are now installing a new ransomware called ‘DEARCRY’ after hacking into Microsoft Exchange servers using the recently disclosed ProxyLogon vulnerabilities. Since Microsoft revealed earlier this month that threat actors were compromising Microsoft Exchange servers using new zero-day ProxyLogon vulnerabilities, a significant concern has been when threat actors would use it to…