Catalin Cimpanu reports: An anonymous security researcher has published details about a zero-day in vBulletin, today’s most popular internet forum software. Because of this individual’s actions, security experts are now concerned that the publication of details about this unpatched vulnerability could trigger a wave of forum hacks across the internet, with hackers taking over forum…
Category: Commentaries and Analyses
Maryland Adds Insurance Commissioner to Breach Notification Requirements
Liisa Thomas, Kari Rollins and Julia Kadish of Sheppard Mullin write: Effective October 1, 2019, organizations providing health insurance and related services must notify the Maryland Insurance Administration as part of its breach notification requirements. In August 2019, the Maryland Insurance Administration issued Bulletin 19-14 informing insurers, nonprofit health plans, HMOs, managed care organizations, managed general agents and…
Payouts From Insurance Policies May Fuel Ransomware Attacks
AP reports: The call came on a Saturday in July delivering grim news: Many of the computer systems serving the government of LaPorte County, Indiana, had been taken hostage with ransomware. The hackers demanded $250,000. No way, thought County Commission President Vidya Kora. But less than a week later, officials in the county southeast of…
Thousands of abandoned medical records found in deceased Indiana doctor’s abortion clinics
Christina Maxouris of CNN reports on what appears to be a horrifying medical privacy breach. First, authorities discovered a spine-chilling 2,246 fetal remains in the Illinois garage of an abortion doctor after his death. Then, investigators found “thousands” of abandoned medical records across his abortion clinics in Indiana, the Indiana attorney general announced on Friday….
New evasive spear phishing attacks bypass email security measures
Katie Donegan reports: Attackers are playing the long game. Their newest phishing adaption is a product of monthslong intelligence gathering and social engineering — and it’s already being put into action. Dubbed evasive spear phishing, this new category of email security threat was discovered by investigating more than 25 million email attachments. Detailed in a…
Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks
Symantec reports: A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers’ customers. The group, which we are calling Tortoiseshell, has been active since at least July 2018. Symantec…