Brian Krebs reports: In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for developing a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings….
Category: Of Note
Alibaba Cloud data leak ‘violated Cybersecurity Law’ in 2019 and must rectify, local Chinese telecoms regulator says
Coco Feng reports: The telecoms authority of China’s eastern Zhejiang province has told the cloud computing unit of Alibaba Group Holding that it violated the country’s Cybersecurity Law and should make rectifications following a complaint about a 2019 information leak. In a letter dated July 5, the Zhejiang Communications Administration (ZCA) said it found Alibaba Cloud “disclosed…
Hackers Release Data Trove From Belarus in Bid to Overthrow Lukashenko Regime
Ryan Gallagher reports: Opponents of the Belarus government said they have pulled off an audacious hack that has compromised dozens of police and interior ministry databases as part of a broad effort to overthrow President Alexander Lukashenko’s regime. The Belarusian Cyber Partisans, as the hackers call themselves, have in recent weeks released portions of a huge data trove…
Internal emails raise questions about government’s investigation into Walgreens privacy breach
I am so glad to see a follow-up on this case because I had the same questions about how and why Walgreens did not suffer the same federal penalties as CVS and Rite Aid for the same infringement of HIPAA. My original coverage of this breach is no longer online as the former version of…
By Design: How Default Permissions on Microsoft Power Apps Exposed Millions
The UpGuard Team writes: The UpGuard Research team can now disclose multiple data leaks resulting from Microsoft Power Apps portals configured to allow public access – a new vector of data exposure. The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee…
Morgan Stanley names vendor in data security case
Colin Staub reports: Morgan Stanley has identified the data center decommissioning provider it claims was responsible for a data-breach incident, which led to lawsuits and a $60 million penalty against the financial giant. The bank was named as a defendant in several class-action lawsuits last, after customer information was mismanaged during 2016 and 2019 computer…