RBS is doing a great job of tracking the Click2Gov breaches. In their most recent update, they report: It’s been three months since our original post was published and as feared, breaches of the Click2Gov system continue to be reported. Here is what we’ve learned: Attackers are exploiting an unpatched vulnerability in Oracle’s WebLogic. Early…
Category: Of Note
US Court Seizes Lambo, Crypto Millions from Dead Dark Web Kingpin
Ada Hui reports: On Thursday, September 6, the Fresno Division of the U.S. District Court for the Eastern District of California concluded a 14-month-long civil forfeiture case to seize assets and property that belonged to Alexandre Cazes, the Canadian national who committed suicide by hanging in Thai prison last summer – days after being arrested…
The Mirai Botnet Architects Are Now Fighting Crime With the FBI
Garrett M. Graff reports: The three college-age defendants behind the creation of the Mirai botnet—an online tool that wreaked destruction across the internet in the fall of 2016 with unprecedentedly powerful distributed denial of service attacks—will stand in an Alaska courtroom Tuesday and ask for a novel ruling from a federal judge: They hope to be…
DealerBuilt Settles with New Jersey AG Over Data Breach
Hunton Andrews Kurth reports: On September 7, 2018, the New Jersey Attorney General announced a settlement with data management software developer Lightyear Dealer Technologies, LLC, doing business as DealerBuilt, resolving an investigation by the state Division of Consumer Affairs into a data breach that exposed the personal information of car dealership customers in New Jersey…
Another security breach at Grindr reveals users’ exact location
Tom Capon reports: Grindr’s security issues are once again in the spotlight as a third party app pinpointed users’ exact location. Despite constant reassurances from the app about the difficulties of exploiting their location technology, the latest security breach revealed how malicious parties can locate users. Discovered by blog Queer Europe, they used a third-party…
In a Data-Breach Lawsuit, Can Plaintiffs Use a Company’s Data Breach Notice to Establish Standing?
Alex M. Pearce of Ellis & Winters LLP writes: ….. When a business suffers a data breach, state laws require the business to send a notice to affected individuals. Those laws typically prescribe the contents of the required notice—sometimes in detail. North Carolina’s data breach notification statute, for instance, requires the notice to include “[a]dvice…