Jay Kolls reports: In April, Gov. Tim Walz signed an executive order allowing the Minnesota Department of Health and the Minnesota Department of Public Safety to share addresses of COVID-19 patients with first responders across Minnesota. The governor imposed strict guidelines for sharing those addresses to protect the identity of Minnesotans with COVID-19. MDH and…
Category: Commentaries and Analyses
Inspector General’s Report Confirms CBP Contractor Was Hacked, Resulting In Sensitive Info Making Its Way To The Dark Web
Tim Cushing reports an update on a 2019 breach previously noted on this site; Last year, a CBP vendor suffered a data breach affecting more than 100,000 people who had crossed the border at checkpoints. The CBP refused to name the contractor involved in the breach, but internal documents indicated it was Perceptics. Perceptics provided and maintained the…
Framework Outlines How Companies Should Talk About Breaches
Fahmida Y. Rashid writes: Investigating and recovering from security incidents are extremely stressful and time-consuming. Talking about what happened poses a different set of challenges, and many organizations struggle with effective communication. Organizations are increasingly developing incident response playbooks to plan out in advance what steps to take in case of a security breach—such as…
The Cyber-Avengers Protecting Hospitals From Ransomware
Sonner Kehrt has an article on CTI that begins: It was early February when Ohad Zaidenberg first started noticing malicious emails and files disguised as information about Covid. He’s a cyber intelligence researcher based in Israel, and they were the sort of schemes he encountered all the time—benign-looking messages that trick people into giving someone network…
When coffee makers are demanding a ransom, you know IoT is screwed
Dan Goodin reports: With the name Smarter, you might expect a network-connected kitchen appliance maker to be, well, smarter than companies selling conventional appliances. But in the case of the Smarter’s Internet-of-things coffee maker, you’d be wrong. As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the $250…
Pastebin’s new features concern infosec community
Catalin Cimpanu reports that Pastebin added new features that researchers fear and predict will be wildly abused: Named “Burn After Read” and “Password Protected Pastes,” the two new features allow Pastebin users to create pastes (pieces of text) that expire after a single read or pastes that are protected by a password. None of the…