Note: coverage of the breaches referenced below can be found on this stie by searching it for “Jackson Health System.” The following is a press release from the U.S. Department of Health Office for Civil RIghts: The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has imposed a civil…
Category: Commentaries and Analyses
NordVPN, TorGuard and VikingVPN disclose security breaches
João Silva writes: NordVPN, one of the most well-known VPN provider, had confirmed a security breach in early 2018. At fault, there’s the data centre provider from Finland, where the server was hosted. The data centre provider used an insecure remote management system that NordVPN was “unaware” of. Although NordVPN seems to be playing down the occurrence,…
UK: Ex-Met detective loses court battle over payout for data breach
Diane Taylor reports: A former Metropolitan police detective who successfully sued the force for wrongly using its powers to investigate her has lost her eight-year court battle to hold the police to account. Andrea Brown said after a new ruling against her she might become homeless paying the police’s costs. “It can’t be right that the police…
Hackers Breach Avast Antivirus Network Through Insecure VPN Profile
Ionut Ilascu reports: Hackers accessed the internal network of Czech cybersecurity company Avast, likely aiming for a supply chain attack targeting CCleaner. Detected on September 25, intrusion attempts started since May 14. Following an investigation, the antivirus maker determined that the attacker was able to gain access using compromised credentials via a temporary VPN account….
Russian cyberattack unit ‘masqueraded’ as Iranian hackers, UK says
Helen Warrell in London and Henry Foy report: A Russian cyber espionage unit has hacked Iranian hackers to lead attacks in more than 35 countries, a joint UK and US investigation has revealed. The so-called Turla group, which has been linked with Russian intelligence, allegedly hijacked the tools of Oilrig, a group widely linked to the…
Everything’s broken, Monday edition (medical data leaks)
It seems that every week I hear from researchers who find patient data or medical data exposed. And I know some of them spend inordinate amounts of time trying to contact entities to get them to secure their unsecured sensitive data. Some of these researchers do this for no pay and no expectation or hope…