Zach Clemens reports that Estes Park Health suffered a ransomware attack on June 2. No data was exfiltrated, but it was locked up, and after consulting with their cyberinsurer and IT people, they decided that they had to pay the ransom. “At that point in time we are looking at the patients we have internally,…
Category: Commentaries and Analyses
Authorities Arrest Three Suspected Admins of France’s Biggest Darkweb Market
Seen on d/darknetlive: On June 12, French law enforcement arrested the three suspected administrators of the French DeepWeb Market, the largest darkweb market in France. The administrators are facing charges in connection with the drug trafficking that took place on the site and several related crimes. Three people were detained on June 12 as part…
Critical Flaw in Evernote Add-On Exposed Sensitive Data of Millions
Sergiu Gatlan reports: A critical flaw in the Evernote Web Clipper Chrome extension could allow potential attackers to access users’ sensitive information from third party online services. “Due to Evernote’s widespread popularity, this issue had the potential of affecting its consumers and companies who use the extension – about 4,600,000 users at the time of…
SEC Issues Alert On Outsourcing and Data Security
Liisa Thomas, Sarah Aberg, Kari Rollins, and Katherine Boy Skipsey write: The SEC recently issued a risk alert warning about using vendors and cloud-based platforms. Many broker dealers and investment advisors are turning to these third parties to store customer data. In its alert, the SEC’s Office of Compliance Inspections and Examinations warns firms that…
Two hacking groups responsible for huge spike in hacked Magento 2.x stores
Catalin Cimpanu reports: Two hacker groups are responsible for a huge spike in the number of hacked Magento 2.x shopping sites, according to Willem de Groot, founder of Sanguine Security. This is now the third month in a row when the number of hacked Magento 2.x sites has doubled, after it previously doubled from March…
CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures
From Hunton Andrews Kurth: On June 6, 2019, the French Data Protection Authority (the “CNIL”) announced that it levied a fine of €400,000 on SERGIC, a French real estate service provider, for failure to (1) implement appropriate security measures and (2) define data retention periods for the personal data of unsuccessful rental candidates. Read more…