Paul Bischoff reports on an issue DataBreaches.net and Jelle Ursem recently reported on: data being exposed because of code left in public repositories on GitHub (see our report about exposed protected health information in No Need to Hack When It’s Leaking). Bischoff writes that Comparitech researchers sought to find out how long it took hackers…
Category: Commentaries and Analyses
Yevgeniy Nikulin sentenced to 88 months for hacks of LinkedIn, Dropbox, and Formspring
More than two years after he was extradited from the Czech Republic where he was arrested in 2016 for hacking LinkedIn, Dropbox, and Formspring, Russian national Yevgeniy Nikulin was sentenced today to 88 months by Judge William Alsup in federal court in northern California. Nikulin, also known as “Chinabig01,” “dex.007, ” “valeriy.krutov3, and “itBlackHat,” had…
Security lapse exposes hundreds of addresses of Minnesotans infected with COVID-19
Jay Kolls reports: In April, Gov. Tim Walz signed an executive order allowing the Minnesota Department of Health and the Minnesota Department of Public Safety to share addresses of COVID-19 patients with first responders across Minnesota. The governor imposed strict guidelines for sharing those addresses to protect the identity of Minnesotans with COVID-19. MDH and…
Inspector General’s Report Confirms CBP Contractor Was Hacked, Resulting In Sensitive Info Making Its Way To The Dark Web
Tim Cushing reports an update on a 2019 breach previously noted on this site; Last year, a CBP vendor suffered a data breach affecting more than 100,000 people who had crossed the border at checkpoints. The CBP refused to name the contractor involved in the breach, but internal documents indicated it was Perceptics. Perceptics provided and maintained the…
Framework Outlines How Companies Should Talk About Breaches
Fahmida Y. Rashid writes: Investigating and recovering from security incidents are extremely stressful and time-consuming. Talking about what happened poses a different set of challenges, and many organizations struggle with effective communication. Organizations are increasingly developing incident response playbooks to plan out in advance what steps to take in case of a security breach—such as…
The Cyber-Avengers Protecting Hospitals From Ransomware
Sonner Kehrt has an article on CTI that begins: It was early February when Ohad Zaidenberg first started noticing malicious emails and files disguised as information about Covid. He’s a cyber intelligence researcher based in Israel, and they were the sort of schemes he encountered all the time—benign-looking messages that trick people into giving someone network…