Threat actors known as DoppelPaymer claim to have attacked the Illinois Attorney General’s Office. And on April 13, the AG’s office acknowledged that they were investigating a network compromise: April 13 — Attorney General Kwame Raoul today announced the Office of the Attorney General’s network has been compromised. Attorney General Raoul released the following statement:…
CA: Cyberattack targets Santa Clara Valley Transportation Authority
Nico Savidge reports: A cyberattack targeting the Santa Clara Valley Transportation Authority last weekend has forced a days-long shutdown of many of the agency’s computer systems. VTA officials say they believe they have contained the attack, but key systems remained offline Thursday. The authority is still trying to determine whether any personal information of customers…
Ca: Canac hardware stores victims of a cyberattack
David Remillard reports (translation): The Quebec hardware store Canac was recently the target of a cyber attack, causing computer failures for nearly two weeks. For the moment, nothing suggests that sensitive data has been stolen. The cyberattack took place on April 9, confirms Patrick Delisle, the company’s marketing director. The firm seems to be cautiously optimistic…
Will Beacon Health Solutions’ incident prompt OCR to start enforcing notification “without undue delay?”
The following is a DataBreaches.net commentary. Beacon Health Solutions issued a press release yesterday about a breach they experienced last year as a business associate. Their press release provides a useful example of why OCR needs to get serious about enforcing the requirement that entities notify patients within 60 days of “discovery.” “Discovery” does not…
Pupil hacked into computer and changed their grades after teacher left their password on a note stuck to a laptop – as GCHQ begins cyber security training for school staff
Katie Feehan reports: A pupil hacked into their teacher’s computer to change grades after finding the password on a note stuck to a laptop. The same password was used for access to multiple accounts and the pupil’s hack is among the incidents which prompted GCHQ to offer cyber security training to school staff. After obtaining…
Pulse Secure Critical Zero-Day Security Bug Under Active Exploit
Tara Seals reports: CVE-2021-22893 allows remote code-execution (RCE) and is being used in the wild by nation-state cyberattackers to compromise VPN appliances in defense, finance and government orgs. A critical zero-day security vulnerability in Pulse Secure VPN devices has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as…