Ax Sharma reports: On April 28, 2020, The Register reported the massive Automatic Number-Plate Recognition (ANPR) system used by the Sheffield government authorities was leaking some 8.6 million driver records. An online ANPR dashboard responsible for managing the cameras, tracking license plate numbers and viewing vehicle images was left exposed on the internet, without any password or…
Category: Commentaries and Analyses
Minted hit with California data breach lawsuit after ShinyHunters hack
We anticipated a lot of lawsuits would be filed under California’s new law, the California Consumer Privacy Act (CCPA), as it imposes a data security duty on organizations. But will any of the complaints filed withstand early motions to dismiss? The CCPA requires complainants to give the organization 30 days to “cure” a violation and…
Ransomware victims keep paying, and ransomware groups keep growing
Graham Cluley writes: The City of Florence in northern Alabama has agreed to pay a ransom of US $300,000 worth of Bitcoin to hackers who compromised its computer systems and deployed ransomware. At an emergency meeting this week, the Florence City Council unanimously voted to give in to the extortionists’ demands and pay the cybercriminals…
12,000+ Indian blood donors’ PII and passwords leaked
CloudSEK reports: CloudSEK has discovered a data leak that contains sensitive information of 12,472 blood donors registered on http://www.indianblooddonors.com/index.php. Indian Blood Donors is an organization that maintains a free database of blood donors. They also have an app, which matches recipients with the nearest donor, based on blood type. Discovery of the leak A CloudSEK researcher discovered…
Cybereason’s Newest Honeypot Shows How Multistage Ransomware Attacks Should Have Critical Infrastructure Providers on High Alert
Israel Barak reports on some research by Cybereason that is not really surprising in its results, but is still a bit scary. The firm set up a honeypot to look like an electric company with operations in North America and Europe. Within days, attackers had found it and started attacking it. From their overview: Cybereason…
Italian company exposed as a front for malware operations
Catalin Cimpanu reports: For the past four years, an Italian company has operated a seemingly legitimate website and business, offering to provide binary protection against reverse engineering for Windows applications, but has secretly advertised and provided its service to malware gangs. The company’s secret business came to light after security researchers from Check Point began…