Catalin Cimpanu reports Microsoft is urging users to abandon telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via SMS and voice calls and instead replace them with newer MFA technologies, like app-based authenticators and security keys. The warning comes from Alex Weinert, Director of Identity Security at Microsoft. For the past year, Weinert has been…
Category: Of Note
DarkSide ransomware is creating a secure data leak service in Iran
Lawrence Abrams reports: The DarkSide Ransomware operation claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. To show they mean business, the ransomware gang has deposited $320 thousand on a hacker forum. DarkSide is run as a Ransomware-as-a-Service (RaaS) where developers are in charge of programming…
Finland government to help victims of identity theft
The Finnish Government has decided on measures to help victims of identity theft and to improve personal identity protection. The Ministry of Social Affairs and Health will firstly ensure that the victims of the data breach at Psychotherapy Centre Vastaamo continue to receive the necessary psychosocial and other support. Support will continue to be provided…
Cyber Consulting Firms Get Tied Up in Post-Breach Lawsuits
Jake Holland and Andrea Vittorio report: Cybersecurity consultants could be on the hook for data breaches at companies they contract with after two recent court rulings in consumer class actions. Accenture Plc’s U.S. unit in October failed to escape claims made against the consultant in a consumer lawsuit over a hack of Marriott International Inc.’s hotel reservations database….
FTC Requires Zoom to Enhance its Security Practices as Part of Settlement
Let’s start with the FTC’s press release in Zoom Video Communications, Inc., In the Matter of Matter Number: 192 3167 The Federal Trade Commission today announced a settlement with Zoom Video Communications, Inc. that will require the company to implement a robust information security program to settle allegations that the video conferencing provider engaged in a series…
Eight months after ransomware attack, Advanced Urgent Care of Florida Keys notifies patients
On March 14, DataBreaches.net reported that Advanced Urgent Care of the Florida Keys had been attacked, and patient data dumped. The data dump had been listed on a Russian-language forum known for data dumps, and the threat actor, then known as “m1x,” called the medical group “Malicious Defaulters” because they wouldn’t pay to prevent data…