Uber’s former Chief Security Officer Joseph Sullivan will have to face wire fraud charges over his alleged role in covering up a 2016 hack that exposed the personal information of millions of Uber passengers and drivers. The breach and its aftermath continue to reverberate after it was disclosed that although Uber knew it had been…
Category: Of Note
Dangerous Ruling Says If Someone Goes Onto Your Openly Shared Google Drive, You Can Sue Them For Unauthorized Access
Mike Masnick writes: If you accidentally leave your Google Drive accessible to anyone with the URL, and someone goes there and deletes stuff, is that “unauthorized access” and a violation of the CFAA? To me, the answer should be absolutely not. But in this recent ruling the judge went the other direction (first noted by Evan Brown). So,…
Over 900,000 Kubernetes instances found exposed online
Bill Toulas reports: Over 900,000 misconfigured Kubernetes clusters were found exposed on the Internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks. […] Researchers at Cyble have conducted an exercise to locate exposed Kubernetes instances across the itnernet, using similar scanning tools and search queries to those employed by malicious actors. The results show a…
Ransomware Ransom Payments: A Geostrategic Risk
The following is a Google-translated statement addressing the significant and negative impact of ransom payments on the German economy and recommendations to reduce and eliminate the payment of ransoms. In the original German, “Lösegeldzahlungen bei Ransomware-Angriffen: ein geostrategisches Risiko” can be found at https://ransomletter.github.io/: Blackmail Trojans in the form of so-called ransomware have grown into…
Expensive week for Carnival Corp: a $1.25 million settlement with states over one breach, then a $5 million settlement with New York for violating state cybersecurity regulation
It seems this was the week for following up on Carnival Corporation breaches. Earlier this week, state attorneys general announced a $1.25 million multistate settlement with the cruise line over a 2019 data breach first disclosed in 2020. But there was other news concerning the cruise line this week, too. On Friday, the New York…
Everything old is new again? Ransomware groups stop encrypting and switch to theft/extortion model.
In a new post at The Register, Jessica Lyons Hardcastle reports, in part: ….. Increasingly, however, cybercrime rings still tracked as ransomware operators are turning toward primarily data theft and extortion – and skipping the encryption step altogether. Rather than scramble files and demand payment for the decryption keys, and all the faff in between…