Catalin Cimpanu reports on a zero-day published by researcher Sergey Zelenyuk and his decision to go public instead of going through the usual system of notification, waiting, etc. Some of the issues he raises are ones that I have been hearing about recently from other researchers who are disenchanted, to say the least, with the…
Category: Of Note
Protenus releases its Q3 report on breaches involving health data
Protenus has released its Q3 report on breaches involving health data. As explained in their methodology, since its inception in 2016, Protenus reports have not confined themselves to just using data from HHS’s public breach tool (“The Wall of Shame”). Instead, the Protenus reports, using data compiled by DataBreaches.net, include data from incidents also involving…
Sim Swapping Crypto Hacking Group Busted in Turkey
From TrustNodes: Turkish police has arrested 11 individuals on suspicion of hacking cryptocurrencies through Sim Swapping. The individuals in question allegedly tricked phone providers into transferring the victim’s phone number to them. Apparently fake IDs were prepared for this operation, according to local crypto media, with the thieves pretending the victim’s phone was stolen. They…
No need for Russia to hack the House of Representatives if the House keeps leaving its doors open.
In early August, “Flash Gordon” (@s7nsins on Twitter) contacted me to say that he discovered a leak involving the House of Representatives. In light of all the talk about Russia trying to hack our elections, I decided that we probably should notify the House right away in case there was any kind of sensitive files…
Another State Data Security Law: Ohio Gets in on the Action
Craig A. Newman of Patterson Belknap writes: Starting today, Ohio businesses with written cybersecurity programs will be looking for a free pass if they are sued under state law over a data breach. Ohio’s Data Protection Act (Senate Bill 220, Ohio Rev. Code § 1354.01, et seq.) goes into effect today, creating a safe harbor…
NJ Settles Charges Against Business Associate Responsible for Virtua Medical Patient Data Breach: Vendor Owner Pays $200,000 and is Barred From Owning or Managing Any Business in NJ Again
One question that occasionally pops up is how often businesses go out of business after or due to a data breach. My answer to that is “not often,” but we do it occasionally. In some cases, the breach may just have been a final straw for an already shaky business. Yesterday, during a webinar with…