From the FTC: The Health Breach Notification Rule has been in place since 2009. Given the pace of innovation, that seems like a century in tech years. Since then, we’ve seen an explosion in the popularity of health apps, fitness trackers, and other health-related monitors. To keep up with technological developments and evolving business practices, the…
Category: Commentaries and Analyses
KeePass exploit helps retrieve cleartext master password, fix coming soon
Bill Toulas reports: The popular KeePass password manager is vulnerable to extracting the master password from the application’s memory, allowing attackers who compromise a device to retrieve the password even with the database is locked. The issue was discovered by a security researcher known as ‘vdohney,’ who published a proof-of-concept tool allowing attackers to extract the KeePass…
Microsoft Azure VMs Hijacked in Cloud Cyberattack
Elizabeth Montalbano reports: A threat actor known for targeting Microsoft cloud environments now is employing the serial console feature on Azure virtual machines (VMs) to hijack the VM to install third-party remote management software within clients’ cloud environments. Tracked as UNC3844 by researchers at Mandiant Intelligence, the threat group is leveraging this attack method to…
A different kind of ransomware demand: Donate to charity to get your data back
A.J. Vicens reports: A new and increasingly active ransomware group that’s attacked nearly 200 organizations in less than two months has a different spin on its extortion efforts: Don’t pay us, pay a charity. So far, this unnamed group that is at least publicly claiming to be driven by anti-capitalist sentiment and its own brand…
Hacker attack Asl Abruzzo, Guarantor: downloading data is a crime
A press release (machine translated) from the Italian data protection regulator, Garante per la Protezione dei Dati Personali: With reference to the recent hacker attack suffered by Asl 1 Abruzzo, the Guarantor for the protection of personal data reminds that anyone who comes into possession or downloads data published on the dark web by criminal…
Re-Victimization from Police-Auctioned Cell Phones
Brian Krebs writes: Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found. In response, the largest online marketplace for items seized in U.S. law…