Amer Owaida reports: Around 3.5 million security cameras installed in homes and offices mainly in Asia and Europe have serious vulnerabilities that expose the gadgets’ owners to the risk that attackers will spy on them, steal their data or target other devices on the same networks, the United Kingdom’s consumer watchdog Which? has warned. “Brands with…
Category: Commentaries and Analyses
Lessons learned from the ANPR data leak that shook Britain
Ax Sharma reports: On April 28, 2020, The Register reported the massive Automatic Number-Plate Recognition (ANPR) system used by the Sheffield government authorities was leaking some 8.6 million driver records. An online ANPR dashboard responsible for managing the cameras, tracking license plate numbers and viewing vehicle images was left exposed on the internet, without any password or…
Minted hit with California data breach lawsuit after ShinyHunters hack
We anticipated a lot of lawsuits would be filed under California’s new law, the California Consumer Privacy Act (CCPA), as it imposes a data security duty on organizations. But will any of the complaints filed withstand early motions to dismiss? The CCPA requires complainants to give the organization 30 days to “cure” a violation and…
Ransomware victims keep paying, and ransomware groups keep growing
Graham Cluley writes: The City of Florence in northern Alabama has agreed to pay a ransom of US $300,000 worth of Bitcoin to hackers who compromised its computer systems and deployed ransomware. At an emergency meeting this week, the Florence City Council unanimously voted to give in to the extortionists’ demands and pay the cybercriminals…
12,000+ Indian blood donors’ PII and passwords leaked
CloudSEK reports: CloudSEK has discovered a data leak that contains sensitive information of 12,472 blood donors registered on http://www.indianblooddonors.com/index.php. Indian Blood Donors is an organization that maintains a free database of blood donors. They also have an app, which matches recipients with the nearest donor, based on blood type. Discovery of the leak: A CloudSEK researcher discovered…
Cybereason’s Newest Honeypot Shows How Multistage Ransomware Attacks Should Have Critical Infrastructure Providers on High Alert
Israel Barak reports on some research by Cybereason that is not really surprising in its results, but is still a bit scary. The firm set up a honeypot to look like an electric company with operations in North America and Europe. Within days, attackers had found it and started attacking it. From their overview: Cybereason…