Benjamin Freed reports: The Colorado Department of Transportation joined the ranks of dozens of other U.S. government entities affected by the SamSam ransomware virus when it was infected with the malware in February 2018. While the incident was costly — nearly 2,000 computers, servers and network devices were encrypted, while the state spent about $1.5…
Category: Of Note
Seven months after learning of a breach, UCSD still has not notified HIV research participants whose privacy was breached
Brad Racino and Jill Castellano report on what sounds like either willful or negligent handling of highly sensitive information of research participants bu a non-profit participating in some university-funded research. In either event, the university was notified of a breach in October and STILL hasn’t notified the research participants with HIV whose data was available…
UK hacking powers can be challenged in court, judge rules
Charlie Osborne reports: A five-year court battle in the United Kingdom has come to an end with the UK Supreme Court ruling that the UK’s spy agencies and their hacking activities can be made subject to court challenges. On Wednesday, the court ruled that the GCHQ’s Investigatory Powers Tribunal (IPT) is subject to judicial review…
WhatsApp urges users to upgrade app after security breach
Steven Scheer reports: Facebook’s WhatsApp urged users to upgrade to the latest version of its popular messaging app after reporting that users might be vulnerable to having malicious spyware installed on phones without their knowledge. […] Earlier, the Financial Times (FT) reported that a vulnerability in WhatsApp allowed attackers to inject spyware on phones by ringing…
Paterson Public Schools hacked, but when, and where are the data now? (UPDATE 1)
Jayed Rahman reports that Paterson Public Schools in New Jersey was hacked. The attacker allegedly acquired 23,103 account passwords and other computer access tokens. Information stolen in the breach includes desktop logins, email usernames and passwords, and laptop credentials. For example, the email usernames and passwords of all school district employees — including that of…
Oregon Health Authority provides early notification to Oregon State Hospital patients of a phishing incident
I realize that some will fault the entity for making early notification before they have all the facts, but my hat is off to the Oregon Health Authority (OHA). On May 6, they suffered – and quickly stopped – a successful spear-phishing attack that gave the attacker access to one employee’s mail account. That account…