HIPAAJournal has a nice piece on HIPAA enforcement action over the years by state attorneys general. You can access it here.
Category: Of Note
More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild
Catalin Cimpanu reports: A team of academics said it found more than 1,200 phishing toolkits deployed in the wild that are capable of intercepting and allowing cybercriminals to bypass two-factor authentication (2FA) security codes. Also known as MitM (Man-in-the-Middle) phishing toolkits, these tools have become extremely popular in the cybercrime underworld in recent years after major…
LastPass users warned their master passwords are compromised (UPDATED)
Sergiu Gatlan reports: Many LastPass users report that their master passwords have been compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations. The email notifications also mention that the login attempts have been blocked because they were made from unfamiliar locations worldwide. If you are…
Pain and Suffering for a Data Breach? German Court Issues First Decision of Its Kind in Europe.
Odia Kagan of Fox Rothschild writes: A German Court has ordered pain and suffering damages as a result of a data breach, the first decision of its kind in Europe. According to the judgment, Scalable Capital has to pay the plaintiff, represented by consumer organization EuGD Europäische Gesellschaft für Datenschutz mbH, € 2,500 in damages…
Former Uber Chief Security Officer to Face Wire Fraud Charges
SAN FRANCISCO – A federal grand jury handed down a superseding indictment today adding wire fraud to the list of charges pending against Joseph Sullivan for his role in the alleged attempted cover-up of the 2016 hack of Uber Technologies Incorporated, announced Acting United States Attorney Stephanie M. Hinds and FBI Special Agent in Charge…
Ransomware Advisory: Log4Shell Exploitation for Initial Access & Lateral Movement
Vitali Kremez & Yelisey Boguslavskiy write: This redacted report is based on our actual proactive victim breach intelligence and subsequent incident response (not a simulated or sandbox environment) identified via unique high-value Conti ransomware collections at AdvIntel via our product “Andariel.” This is a redacted TLP:WHITE version of the larger AdvIntel findings. Read their report…