Maria Dinzeo reports: In a verdict with far-reaching implications for security chiefs nationwide, a federal jury convicted Uber’s former head of security Joe Sullivan on Wednesday of concealing a 2016 data breach from authorities and obstructing an investigation by the Federal Trade Commission into Uber’s security practices. Sullivan had only been on the job a…
Category: Of Note
Netwalker Affiliate, Sebastian Vachon-Desjardins, Sentenced to 20 years in prison
A Canadian man was sentenced to 20 years in prison and ordered to forfeit $21,500,000 today for his role in NetWalker ransomware attacks. The Court will order restitution at a later date. According to court documents, Sebastian Vachon-Desjardins, 35, of Gatineau, Quebec, participated in a sophisticated form of ransomware known as NetWalker. NetWalker ransomware has…
Meta settles lawsuit for ‘significant’ sum against businesses scraping Facebook and Instagram data
Sarah Perez and Zack Whittaker report: Facebook parent Meta has settled a lawsuit in the U.S. against two companies that had engaged in data scraping operations, which had seen them gathering data from Facebook and Instagram users for marketing intelligence purposes, according to the original complaint filed in October 2020. The companies named in the suit, Israeli-based BrandTotal…
Landmark U.S.-UK Data Access Agreement Enters into Force
The Agreement between the Government of the United States of America and the Government of the United Kingdom of Great Britain and Northern Ireland on Access to Electronic Data for the Purpose of Countering Serious Crime (“Data Access Agreement” or “Agreement”) entered into force today. The Agreement is authorized by the Clarifying Lawful Overseas Use…
Electricity Company of Ghana systems hacked with ransomware – Sources
Ghana Business News reports: For about five days now some customers of the largest electricity seller in the country, Electricity Company of Ghana (ECG) have been unable to buy power and others have had their power off for days without respite, because some sections of the company’s systems have been hacked, ghanabusinessnews.com has been told…
Microsoft confirms new Exchange zero-days are used in attacks
Sergiu Gatlan reports: Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild. “The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to…