Lizzy Buchan reports that there was a second email gaffe that exposed additional Afghan interpreters. Once again, it seems, email addresses were visible to all addressees instead of being in the blind-copied fields. Some 55 people’s details were revealed, according to the BBC. The disastrous blunder comes after Defence Secretary Ben Wallace was forced to…
Category: Of Note
NZ: Reserve Bank hit with compliance notice from Privacy Commissioner over data breach
Chris Keall reports: The Reserve Bank has suffered the ignominy of being the first organisation to be hit by a compliance notice under the new Privacy Act, which came into force in December last year. Privacy Commissioner John Edwards says an independent review carried out by KPMG after a December 2020 cyber attack “revealed multiple…
CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware
Alert (AA21-265A): Conti Ransomware
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment….
Oops? RaidForums data marketplace accidentally exposes private staff page
Ax Sharma reports: RaidForums is an underground place where private databases obtained from data breaches, vulnerability exploits, and credit card information sets are illegally traded by threat actors, or sometimes leaked for free. On RaidForums, the “Staff General” section is typically restricted to internal staff members only, but in an ironic twist of fate, this private section was accidentally left open for viewing by…
U.S. Treasury Department: Publication of Updated Ransomware Advisory; Cyber-related Designation
Treasury Takes Robust Actions to Counter Ransomware
WASHINGTON — As part of the whole-of-government effort to counter ransomware, the U.S. Department of the Treasury today announced a set of actions focused on disrupting criminal networks and virtual currency exchanges responsible for laundering ransoms, encouraging improved cyber security across the private sector, and increasing incident and…
Ransomware Resources for HIPAA Regulated Entities
The HHS Office for Civil Rights (OCR) is sharing the following information to ensure that HIPAA regulated entities are aware of the resources available to assist in preventing, detecting, and mitigating breaches of unsecured protected health information caused by hacking and ransomware. HHS Health Sector Cybersecurity Coordination Center Threat Briefs: https://www.hhs.gov/about/agencies/asa/ocio/hc3/products/index.html#sector-alerts January 28, 2021 –…