In today’s reminder of the insider threat, Jung Suk-yee reports that employees of the Korea Aerospace Research Institute (KARI) are being investigated by the Daejeon Metropolitan Police Agency for leaking sensitive technology: The investigation, which has captured national attention, involves a suspected breach of data related to South Korea’s ambitious Nuri space launch vehicle project….
Microsoft wouldn’t look at a bug report without a video. Researcher maliciously complied
Connor Jones reports: A vulnerability analyst and prominent member of the infosec industry has blasted Microsoft for refusing to look at a bug report unless he submitted a video alongside a written explanation. Senior principal vulnerability analyst Will Dormann said last week he contacted Microsoft Security Response Center (MSRC) with a clear description of the…
Appellate court upholds sentence for former Uber cyber executive Joe Sullivan
Jonathan Greig reports: The conviction of former Uber chief security officer Joe Sullivan on obstruction of justice charges was upheld by the U.S. Court of Appeals for the Ninth Circuit in California this week after the cybersecurity expert disputed several aspects of his sentence and charges. Sullivan was given three years’ probation by a U.S….
White House cyber director’s office set for more power under Trump, experts say
Suzanne Smalley reports: The Office of the National Cyber Director (ONCD) is poised to become a stronger force in the second Trump administration and will finally operate as the executive branch cybersecurity policy lead that Congress envisioned when establishing it in 2021, experts say. President Donald Trump’s selection of Sean Cairncross to lead the office signals that…
Bogus ‘BianLian’ Gang Sends Snail-Mail Extortion Letters
Elizabeth Montalbano reports: Someone claiming to represent the BianLian ransomware group is sending top executives from various organizations snail-mail extortion letters informing them that their IT network has been compromised and threatening to delete or leak sensitive company data. Sending physical letters through the mail system is an unusual move for a cybercriminal group, which typically sends…
Rite Aid Agrees to $6.8M Settlement Over Data Breach Lawsuit
Rihem Akkouche reports: In a dramatic legal turn, Rite Aid has consented to a $6.8 million settlement to resolve class action allegations that it failed to prevent a cyberattack compromising the sensitive information of over 2 million customers. The settlement, preliminarily approved by U.S. District Judge Harvey Bartle III on Tuesday, allows claimants to receive up to…