Jake Moore writes: While a lot of media coverage centers on how threat actors are becoming better at evading capture and generally deploy ever more sophisticated techniques, I wanted to tell a story where one criminal in particular was anything but sophisticated. Before I joined ESET, I spent 14 years working in the UK police force working…
Category: Commentaries and Analyses
Serasa asked for bank passwords and will reveal itself
Leonard Manson reports: The São Paulo Consumer Protection and Defense Program (Procon-SP) notified Serasa on Monday (1st) to provide clarifications on the collection, and possible use, of the internet banking passwords required by the credit bureau to carry out searches on the site. The request for a bank password, made in the “customer area”, was…
Mandiant issues final report on its investigation into Accellion breach
Yesterday, Mandiant issued its final report on its investigation into the Accellion data breach that impacted a number of its big clients including Jones Day law firm, SingTel, Bombardier, Goodwin Procter, the Transport for NSW, the New Zealand Reserve Bank, and others. You can find the report here (pdf). And while the investigation may be…
Updating the Maze attack on Fairfax County Public Schools
In September 2020, Fairfax County Public Schools in Virginia was hit with Maze ransomware. The attack was announced on Maze’s dedicated leak site in early September, and after multiple queries by this site, FCPS issued a statement confirming that they had been attacked. One month later, the threat actors started dumping some data on their leak…
Who Has Standing in a Data Breach Litigation? In The Third Circuit, Fear of Speculative Future Harm Still Doesn’t Cut It
Aaron Garavaglia and Kristin Bryan of Squire Patton Boggs write: As the number of data breaches continues to rise, so too will the number of lawsuits filed. As CPW previously reported, the number of data breaches in 2020 was more than double that of 2019. One can only wonder what 2021 will bring. Yet with this increase in…
PH: Civil Service Commission data breach, thousands of user details exposed
Art Samaniego reports: A hacker who calls himself IamNoobie told me that he was so pissed-off with the way government agencies implement security in their websites and servers that he decided to “take matters into his own keyboard”. IamNoobie noticed that the server of the Civil Service Commission (CSC) has promising results when he Google…