Marianne Kolbasuk McGee reports: A federal court recently granted final approval for an $8.9 million settlement of a class action lawsuit against Banner Health stemming from a 2016 data breach. The settlement spells out steps the Phoenix-based organization must take to improve information security. […] The amount that Banner Health has agreed to spend in…
Category: Of Note
Judge Again Pushes Back Nikulin’s Trial Over COVID-19 Concerns
Ross Todd reports: A federal judge in San Francisco has suspended the trial until June in a case against a Russian man accused of hacking Silicon Valley technology companies, which was underway when the COVID-19 outbreak was declared a global pandemic. U.S. District William Alsup of the Northern District of California on Tuesday cited questionnaire…
Shade (Troldesh) ransomware shuts down and releases decryption keys
Catalin Cimpanu reports: The operators of the Shade (Troldesh) ransomware have shut down over the weekend and, as a sign of goodwill, have released more than 750,000 decryption keys that past victims can now use to decrypt their files. Security researchers from Kaspersky Lab have confirmed the validity of the leaked keys and are now working on creating a…
Security researcher discloses four IBM zero-days after company refused to patch
Catalin Cimpanu reports: A security researcher has published today details about four zero-day vulnerabilities impacting an IBM security product after the company refused to patch bugs following a private bug disclosure attempt. The bugs impact the IBM Data Risk Manager (IDRM), an enterprise security tool that aggregates feeds from vulnerability scanning tools and other risk management…
Supreme Court to Consider Whether Improper Data Access Violates Computer Crime Law
From EPIC.org: The Supreme Court will decide whether a person who is authorized to access data for some purposes violates the Computer Fraud and Abuse Act if they access the information for other purposes. The case, Van Buren v. United States, concerns a police officer who accessed a law enforcement database to sell the information to…
Cognizant attacked by Maze ransomware
Late last night, word started circulating that Cognizant had been attacked by Maze Team. Today, the attack was reported by BleepingComputer and confirmed by Cognizant. In a statement on their website, the New Jersey-headquartered multinational corporation writes: Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of…