The European Union Agency for Cybersecurity mapping on emerging supply chain attacks finds 66% of attacks focus on the supplier’s code. Supply chain attacks have been a concern for cybersecurity experts for many years because the chain reaction triggered by one attack on a single supplier can compromise a network of providers. Malware is the attack…
Category: Of Note
Uber found to have breached Australian’s privacy following 2016 hack
Cameron Abbott and Jacqueline Patishmanof K&L Gates write: In 2017, Uber disclosed to the Office of the Australian Information Commissioner (OAIC) a breach of its some 57 million global users and driver’s personal information (including approximately 1.2 million Australians). Last Friday, the OAIC determined that Uber had breached the Australian Privacy Act by failing to take reasonable steps to…
Inside Forkbombo, the dreaded Kenyan cybercrime gang
Brian Wasuna reports: When financial institutions in Kenya started recording increased cyber-attacks in 2010, it was believed the country’s detectives would easily stamp out the crime. Back then, most cybercrime incidents involved hackers stealing small amounts of money that were near impossible to detect, before graduating to big money heists, in a what is known…
Convenience Store Chain Can’t Shield Investigative Report on Data Breach From Discovery, Judge Rules
We often hear of firms having their counsel running incident response and contracting of forensics, etc., so that any reports would be protected by work product doctrine as well as attorney-client privilege. But if the attorney doesn’t word the contract carefully, any report may not be covered by the doctrine. We saw that in a…
Kaseya obtains universal decryptor for REvil ransomware victims
Lawrence Abrams reports: … Today, Kaseya has stated that they received a universal decryptor for the ransomware attack from a “trusted third party” and are now distributing it to affected customers. “We can confirm we obtained a decryptor from a trusted third party but can’t share anymore about the source,” Kaseya’s SVP Corporate Marketing Dana…
TX: Thousands of employees and dependents of Whitehouse ISD just had their data dumped on the dark web
School districts continue to be low-hanging fruit for threat actors. While Grief threat actors hacked and then dumped data from Clover Park School District in Washington, Booneville School District in Mississippi, and Lancaster ISD in Texas, Vice Society hacked and then dumped data from Whitehouse ISD, also in Texas. On June 28, DataBreaches.net emailed Whitehouse…