In September, DataBreaches.net reported that Maze threat actors claimed to have attacked an Ohio public school district, but the district was not responding to inquiries from this site about the claims. One month later, this site named the district as Toledo Public Schools and reported that while Maze had dumped files with student and employee…
Category: Commentaries and Analyses
FireEye and Accellion provide more details on attack
Andrew Moore, Genevieve Stark, Isif Ibrahima, Van Ta of FireEye write: Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered web shell named DEWMODE. The motivation of UNC2546 was not immediately apparent, but starting in late January 2021, several organizations…
Amber Group breaks silence on unsecured storage bucket; NatSec minister suggests TechCrunch reporter may have violated CyberCrime Act
The Gleaner reports a follow-up on an unsecured storage server exposing personal information and COVID-related information of travelers to Jamaica. The exposed bucket was first reported by Zack Whittaker of TechCrunch on February 17: The storage server, hosted on Amazon Web Services, was set to public. It’s not known for how long the data was…
India’s cyber defenses breached and reported; govt. yet to fix it
John Xavier reports that India’s government has been slow to respond to a report by ethical hackers that had been shared with the U.S. Department of Defense Cyber Crime Center (DC3): which initiated contact with the India’s National Critical Infrastructure Information Protection Centre (NCIIPC). Following this, the security team shared its 34-page threat report to…
Personal info compromised at 88 firms in Japan in 2020
Let’s see how things are doing elsewhere. JiJi reports: Personal information was compromised or lost at a total of 88 publicly traded companies and their subsidiaries in Japan in 2020, the highest number since such data began being collected in 2012, according to a survey by Tokyo Shoko Research Ltd. In total, personal information on…
IT: Guarantor for privacy: two hospitals and one AUSL sanctioned
Marco De Felice reports: The Guarantor for privacy has sanctioned two hospitals and an AUSL, they had communicated medical information to the wrong people. The three structures fined are the Sienese University Hospital , the University Hospital of Parma and the Romagna Local Health Authority . The two hospitals received a fine of €10,000, while for the Romagna AUsl the fine was €50,000. ……