In March, thousands of elastic search installations were wiped out and all that was left was a calling card, “NightLionSecurity.com.” Now there’s a new round of attacks using a “Meow” calling card as they wipe out ElasticSearch and MongoDB databases. Dan Goodin reports: More than 1,000 unsecured databases so far have been permanently deleted in…
Category: Of Note
VA sending letter to 1,501 Montana vets about business associate ransomware incident
The Great Falls Tribune reports: The U.S. Department of Veterans Affairs Veterans Health Administration on Thursday announced actions taken to protect veterans’ personal information following a recent privacy breach involving files from the Montana VA Health Care System. Officials said they were notified June 4, by former contractor Benefits Recovery Specialists Inc. of “a data…
Small Health Care Provider Fails to Implement Multiple HIPAA Security Rule Requirements
There’s been a rare sighting of a 2020 HHS settlement of HIPAA charges. An almost 10-year old report of what would be a relatively small breach led to an investigation that uncovered persistent failures to implement the HIPAA Security Rule. From HHS: Metropolitan Community Health Services (Metro), doing business as Agape Health Services, has agreed…
FoxRothschild: U.S. States And Territories Data Breach Statutes (Updated)
Fox Rothschild’s Privacy and Data Security practice group maintains this searchable PDF document as well as the Data Breach 411 app to inform businesses of the breach notification statutes in each of the 50 states, Guam, Puerto Rico and the U.S. Virgin Islands, so they can better understand their rights, obligations and potential liability. Download…
US charges two Chinese spies for a global hacking campaign that targeted COVID-19 research
Zack Whittaker reports: U.S. prosecutors have charged two Chinese nationals, said to be working for China’s state intelligence bureau, for their alleged involvement in a massive global hacking operation that targeted hundreds of companies and governments for more than a decade. The 11-count indictment, unsealed Tuesday, alleges Li Xiaoyu, 34, and Dong Jiazhi, 33, stole terabytes…
Argentinian telecom supposedly hit by a crypto ransomware
Ali Raza reports: A string of massive hacking attacks that are related to cryptocurrencies one way or another continues. Last week, the biggest such hack saw the attackers hijack numerous highly-visible accounts to promote a Bitcoin scam. Today, new reports indicate that Argentina’s largest Telecom fell victim to ransomware that demands a massive ransom. According to…