Dan Goodin reports: Dozens of radiology products from GE Healthcare contain a critical vulnerability that threatens the networks of hospitals and other health providers that use the devices, officials from the US government and a private security firm said on Tuesday. The devices—used for CT scans, MRIs, X-Rays, mammograms, ultrasounds, and positron emission tomography—use a…
Category: Of Note
Easy Way In? 5 Ransomware Victims Had Their Pulse Secure VPN Credentials Leaked
Victoria Kivilevich writes: Rising ransomware attacks around the world, together with the recent lists of exposed Pulse Secure VPN credentials set the backdrop for KELA’s latest research. While not all ransomware attacks used CVE-2019-11510 (a vulnerability of unpatched Pulse Secure VPN servers) or the previously shared credentials to the compromised corporate networks, it does add another layer…
The Legal Industry Has Finally Created a Data Security Standard of its Own
Kenya Parrish-Dixon of Empire Technologies Risk Management Group writes: The Association of Corporate Counsel is a professional organization comprised of in-house counsel serving the needs of in-house counsel. It has been in existence, in various forms, since 1983 and is currently an international organization with 45,000 members. After the Federal Trade Commission’s litigation support infrastructure…
Ransomware gangs are now cold-calling victims if they restore from backups without paying
Earlier this week, DataBreaches.net reported that a Georgia dental group was surprised to get a phone call from threat actors informing them that their files had been exfiltrated by the ransomware threat actors. It seems that when they had detected anomalies, they wiped the server and reinstalled from backup, and perhaps never noticed any “read…
A rough week in ransomware….
The following are just a few of the entities hit by ransomware attacks this week: USNR LLC is a manufacturing firm in Woodland, Washington. On their site, they describe themselves as “the world’s largest, most comprehensive supplier of equipment and technologies for the wood processing industry.” And according to a notification they sent, on September…
Twitter data breach decision due on December 17: Irish data regulator
Samuel Stolton reports: Despite “very divergent views” between EU data protection authorities over a case of data breaches by Twitter, a final decision on the bloc’s first major cross-border online privacy case is due to be published on December 17th, it has been revealed. Irish Data Commissioner Helen Dixon said on Thursday (3 December) that talks…