Today’s reminder that even the leak of an email address can put someone’s life at risk. Phil Kemp, Lucy Manning, and Ed Campbell report: Defence Secretary Ben Wallace has ordered an investigation into a data breach involving the email addresses of dozens of Afghan interpreters who worked for British forces. More than 250 people seeking…
Category: Of Note
BlackMatter Hits Grain Cooperative With Ransomware Attack
William Turton reports: Iowa-based grain cooperative New Cooperative Inc. was struck by ransomware in recent days and has shut down its computer systems as it tries to mitigate the attack. The attack occurred on or around Friday, according to Allan Liska, senior threat analyst at the cybersecurity firm Recorded Future Inc. The ransomware gang, which goes by the name…
ALTDOS claims to have hacked one of Malaysia’s biggest conglomerates
Threat actors known as ALTDOS continue to romp their way through attacks on ASEAN entities, garnering very little media attention as they acquire and dump millions of consumer records and proprietary information on businesses. The majority of the victims whose data they have dumped appear to be from Singapore and Thailand, but they do have…
FTC’s Health Breach Notification Rule — Wait, did you say “FTC’s???”
What does it say when a HIPAA lawyer with years of experience says he didn’t know the FTC has a health breach notification rule? Seen on Jeff Drummond’s blog: ” The U.S. Federal Trade Commission issued a policy statement this week confirming that connected devices and health apps that use or collect consumers’ health information must notify users…
U.S. to Target Crypto Ransomware Payments With Sanctions
Well, this is not exactly what I suggested yesterday on Twitter as a strategy (I suggested that every ransomware group that hits the medical sector should be declared a terrorist organization and put on the Treasury’s sanctioned list), but it could help. Ian Talley and Dustin Volz report: The Biden administration is preparing an array…
Credential leak fears raised following security breach at Travis CI
John Leyden reports: Concern is growing within the infosec community that a breach at DevOps platform vendor Travis CI might run deeper than the firm has so far been prepared to admit. Travis CI, a continuous integration and continuous delivery (CI/CD) service for cloud platform projects, admitted to an issue in a post on its community forums while also…