Raymond Leong, Dan Perez, and Tyler Dean report: FireEye Mandiant recently discovered a new malware family used by APT41 (a Chinese APT group) that is designed to monitor and save SMS traffic from specific phone numbers, IMSI numbers and keywords for subsequent theft. Named MESSAGETAP, the tool was deployed by APT41 in a telecommunications network…
Category: Commentaries and Analyses
Tech Companies Seek India Govt’s Help For Solving Aadhaar-PF linking Issue of Employees
Aman Rawat reports that a breach I didn’t even know about last year has raised concerns about what tech companies are willing to do in terms of linking their employees’ provident fund (PF) account numbers to their Aadhaar identification number. PF accounts are compulsory, government-managed retirement savings accounts. So if the government requires employees’ Aadhaar…
SC: Prisma Health discloses third patient data breach in two months
Noah Feit reports: Patients and volunteers at several Midlands hospitals might have had their personal information exposed online, according to Prisma Health. The problem was discovered after a Prisma Health employee’s login credentials were compromised, said Tammie Epps, a spokeswoman for the largest hospital system in South Carolina. Read more on The State. I had…
Details for 1.3 million Indian payment cards put up for sale on Joker’s Stash
This site has reported on a number of data leaks and breaches in India. And as regular readers know, I now have a criminal complaint and a civil suit against me and this site in India because 1to1Help.net didn’t like me exposing their embarrassing data leak. There’s also an injunction issued by an Indian court…
‘C.L.O.U.D.’s On the Horizon: How Law Enforcement Electronic Data Requests Are Going Global
Christopher A. Ott of Davis Wright Tremaine writes: Companies storing or moving large quantities of digital information routinely encounter subpoenas, court orders and warrants from United States law enforcement for subscriber and related data and records. However, the realities of cybercrime and recent under-publicized diplomatic activities could dramatically increase the volume of incoming requests from…
Ireland Issues Data Breach Notification Guidance
The Irish Data Protection Commission has issued guidance on data breach notification under GDPR. Attorneys at Fox Rothschild have prepared a summary that begins: Key takeaways: A personal data breach is a security incident that negatively impacts the confidentiality, integrity, or availability of personal data, with the consequence that the controller is unable to ensure…