John Leyden reports: Concern is growing within the infosec community that a breach at DevOps platform vendor Travis CI might run deeper than the firm has so far been prepared to admit. Travis CI, a continuous integration and continuous delivery (CI/CD) service for cloud platform projects, admitted to an issue in a post on its community forums while also…
Category: Of Note
Anonymous leaks gigabytes of data from alt-right web host Epik
Ax Sharma reports: Hacktivist collective Anonymous claims to have obtained gigabytes of data from Epik, which provides domain name, hosting, and DNS services for a variety of clients. These include the Texas GOP, Gab, Parler, and 8chan, among other right-wing sites. The stolen data has been released as a torrent. The hacktivist collective says that…
Free REvil ransomware master decrypter released for past victims
Lawrence Abrams reports: A free master decryptor for the REvil ransomware operation has been released, allowing all victims encrypted before the gang disappeared to recover their files for free. The REvil master decryptor was created by cybersecurity firm Bitdefender in collaboration with a trusted law enforcement partner. While Bitdefender could not share details about how they…
Office of the Privacy Commissioner for Bermuda Issues Data Breach Guide
Odia Kagan of Fox Rothschild writes: The Office of the Privacy Commissioner for Bermuda has issued a helpful guide on the various types of harm that could be caused by a data breach. The office also referred to the Future of Privacy Forum research on potential harms. Read more here, In their guidance, the Bermuda privacy…
FTC Warns Health Apps and Connected Device Companies to Comply With Health Breach Notification Rule
The Federal Trade Commission today issued a policy statement affirming that health apps and connected devices that collect or use consumers’ health information must comply with the Health Breach Notification Rule, which requires that they notify consumers and others when their health data is breached. In a policy statement adopted during an open meeting, the Commission noted…
Walgreens’ Covid-19 test registration system exposed — and still exposes? — patient data
Sara Morrison reports: If you got a Covid-19 test at Walgreens, your personal data — including your name, date of birth, gender identity, phone number, address, and email — was left on the open web for potentially anyone to see and for the multiple ad trackers on Walgreens’ site to collect. In some cases, even…