Dane Enerio reports: Google has warned that some of its smartphones running the company’s own Android operating system, as well as other devices from manufacturers such as Samsung and Vivo, could be accessed by third-party actors without owners ever becoming aware of such a breach. A total of 18 zero-day vulnerabilities, or exploits previously only…
Category: Of Note
Conti-based ransomware ‘MeowCorp’ gets free decryptor
Ionut Ilascu reports: A decryption tool for a modified version of the Conti ransomware could help hundreds of victims recover their files for free. The utility works with data encrypted with a strain of the ransomware that emerged after the source code for Conti was leaked last year in March [1, 2]. Researchers at cybersecurity company Kaspersky…
BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion
Elizabeth Montalbano reports: The BianLian ransomware group is ramping up its operations and maturing as a business, moving more swiftly than ever to compromise systems. It’s also moving away from encryption to pure data-theft extortion tactics, in cyberattacks that have so far bagged at least 116 victims, researchers have found. BianLian, first discovered last July, hasn’t deviated much…
Independent Living Systems updates its breach disclosure; notifying more than 4.2 million patients
In September 2022, Independent Living Systems LLC (ILS), a business associate in Florida, notified HHS and regulators of a network incident that affected 501 patients. They also provided public notice, but were unable to identify and notify all individuals who had been affected. The “501” was simply a marker to indicate “more than 500.” The…
Jelly Bean Communications Design and its Manager Settle False Claims Act Liability for Cybersecurity Failures on Florida Medicaid Enrollment Website
There’s an update to the Florida Healthy Kids breach that was due to their vendor, Jelly Bean Communications, not patching vulnerabilities for seven years. The incident was reported to HHS in January 2021 as impacting 3.5 million patients. Today, the U.S. Department of Justice announced: Jelly Bean Communications Design LLC (Jelly Bean) and Jeremy Spinks…
No need to hack when it’s leaking, DC Health Link edition
On March 12, DataBreaches reported on the Health Benefit Exchange Authority data that was first leaked by a forum user known as “IntelBroker” and then by “Denfur.” The DC Health Link incident attracted a lot of media attention because it involved members of Congress, their staff, and their families. As StateScoop reported today, DC Health…