Just days after prosecutors in the Eastern District of Virginia recommended that Conor Fitzpatrick, aka “Pompompurin,” be sentenced to at least 15 years in prison, District Judge Leonie M. Brinkema sentenced him to time served and supervised release. As DataBreaches previously reported, Fitzpatrick, the owner of the first BreachedForums site, pleaded guilty in July to…
Category: Commentaries and Analyses
German security researchers at risk of prosecution for “hacking” because of a plain text hardcoded password?
Over on Infosec.Exchange, Will Palant posted: Yellow Flag @[email protected] German law is making security research a risky business. Current news: A court found a developer guilty of “hacking.” His crime: he was tasked with looking into a software that produced way too many log messages. And he discovered that this software was making a MySQL…
Four-in-ten employees sacked over email security breaches as firms tackle “truly staggering” increase in attacks
Emma Woollacott reports: Nearly half of workers responsible for email security breaches over the last year have been sacked, according to new research, as cyber leaders begin taking a tougher stance amid a surge in attacks. Research from cyber security firm Egress found that 94% of organizations globally have experienced a serious email security incident…
CISA pushes federal agencies to patch Citrix RCE within a week
Sergiu Gatlan reports: Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week. The cybersecurity agency added the flaws to its Known Exploited Vulnerabilities Catalog today, saying that such vulnerabilities are “frequent attack…
As hacks worsen, SEC turns up the heat on CISOs
Zack Whittaker reports: Over the past year we’ve seen Uber’s former chief security officer convicted in federal court for mishandling a data breach, a federal regulator charge SolarWinds’ security chief with allegedly misleading investors prior to its own cyberattack and new regulations that compel companies to publicly reveal materially impactful data breaches within four business days. It might seem like it’s never…
Quantum Radiology cyber attack: Patients kept in the dark about nature of attack while employees are being harassed by attackers
Here’s a great way to destroy any trust your patients might have in you. Madeleine Damo reports: Staff at a western Sydney radiologist – recently hit with a cyber attack – were told to tell concerned patients the breach was “an operational IT issue”, while also fielding harassing phone calls from hackers themselves. Imaging and diagnostics…