NYS Attorney General has been the most active state attorney general in terms of going after entities that don’t secure data properly. The following is from her latest press release: NEW YORK – New York Attorney General Letitia James secured $450,000 from three companies that distribute eufy home security video cameras for failing to secure consumers’…
Category: Of Note
UnitedHealth estimates 190M people impacted by Change Healthcare cyberattack
Paige Minemyer reports: Change Healthcare now estimates that 190 million people were impacted in the massive cyberattack that took down its services nearly a year ago. UnitedHealth Group, Change’s parent company, said in a statement to Fierce Healthcare that the “vast majority” of people impacted have received an individual or substitute notice about the breach….
Proposed Turkish Law Could Mean Prison for Reporting Data Leaks
Graham Cluley writes: The Turkish government is proposing a controversial new cybersecurity law that could make it a criminal act to report on data breaches. The new legislation proposes penalties for various cybersecurity-related offences. But the key one which has people concerned is this: “Those who carry out activities aimed at targeting institutions or individuals…
Research Report: The Insider Threat Digital Recruitment Marketplace
An interesting report by Nisos looks at those selling or advertising insider access and those recruiting insiders at firms. From the report: Executive Summary Nisos routinely monitors mainstream and alternative social media platforms, as well as cloud-based messaging applications and dark web forums to identify individuals and networks advertising insider access or recruiting insiders at…
Cloudflare CDN flaw leaks user location data, even through secure chat apps
Bill Toulas reports: A security researcher discovered a flaw in Cloudflare’s content delivery network (CDN), which could expose a person’s general location by simply sending them an image on platforms like Signal and Discord. While the geo-locating capability of the attack is not precise enough for street-level tracking, it can provide enough data to infer what…
Do-Over: “Pompompurin” to be Re-Sentenced (1)
When the owner of the original BreachForums, Conor Fitzpatrick, aka “Pompompurin,” was sentenced in January of 2024 to time served plus 20 years supervised release with special conditions, it was a shock. Although young, Fitzpatrick had pleaded guilty to conspiracy to commit access device, access device fraud, and possession of child pornography. Based on federal…