The Press Trust of India reports: The Bombay High Court on Wednesday issued notices to the Union and Maharashtra governments, among others, over a Public Interest Litigation (PIL) that claimed Truecaller mobile application “shared” user data, breaching the law of the country. A bench of Chief Justice Dipankar Datta and Justice GS Kulkarni was hearing…
Spanish King’s health info exposed due to vulnerability in COVID certificate portal
Katie Harris reports: King Felipe VI of Spain’s health data has been exposed in a security breach, insiders fear. The royal was among thousands affected by the computer security failure of the Madrid health system. The breach meant people’s private data such as their telephone number, social security number and address could be accessed by…
People’s Republic of China Passes the Data Security Law: A Summary of What We Know
Kim Peretti, Lance Taubin, and Emily Poole of Alston & Bird write: On June 10, 2021, almost exactly three years after the passing of its Cybersecurity Law (CSL), the National People’s Congress of China passed a new Data Security Law (DSL) (click here for an unofficial English translation of the DSL), which goes into effect September 1, 2021. Where…
BJC HealthCare Data Breach Lawsuit Survives Motions to Dismiss
HIPAA Journal reports: A class action lawsuit filed by two former patients against BJC HealthCare over a March 2020 email data breach has survived two motions to dismiss. Leaha Sweet and Bradley Dean Taylor took legal action against St. Louis-based BJC HealthCare in September 2020 after being notified that their protected health information had potentially…
Digging into Decoder.re in Kaseya ransom notes– threat intel by Resecurity
Interesting #threatintel thread on Twitter this morning from Resecurity (Full disclosure: I worked with one of their team a number of years ago.). Their research findings do not seem to be up on their web site at this time, so hopefully you can access it on Twitter. The thread begins here. In light of the…
Malware campaign targets companies waiting for Kaseya security patch
Graham Cluley reports: While the world continues to wait for Kaseya to issue an update to patch VSA installations against a vulnerability exploited by the REvil ransomware gang, security firm Malwarebytes has spotted a malware campaign which is taking advantage of the vacuum. In a tweet, security researchers shared details of a malicious email that was sent…