A cardiac monitoring firm is now notifying patients after a Google search on their name in January led them to an August, 2020 report on this site about a vendor’s leak. But why didn’t they know about it already from the vendor last year or from the notifications this site had sent them last year?…
Booking.com hit with €475K penalty for failing to report a breach within 72 hours
Politico reports: Hotel booking site Booking.com got hit with a €475,000 fine for being late to report a data breach, the company’s lead EU privacy regulator announced Wednesday. The fine, imposed by the Dutch data protection authority because the company is legally established in Amsterdam, came after criminals stole the personal data of more than…
GA: Cyberattack on Cobb schools enabled by contractor’s weak password, police say
Kristal Dixon reports: An attack on the Cobb County School District’s crisis management system that forced all schools into lockdown last month happened because of a weak password, according to the police. The password was not created by a school district employee, but a worker with the AlertPoint security system used by the district, police said….
Iranian cyberspies target professionals at medical research organizations in the US, Israel
Catalin Cimpanu reports: Hackers linked to Iran have targeted 25 senior professionals at various medical research organizations located in the US and Israel as part of a weeks-long phishing campaign, email security firm Proofpoint revealed today. The attacks are part of a long series of attacks that have repeatedly and increasingly targeted medical and pharmaceutical…
Ransomware: A Perfect Storm
James Sullivan and James Muir, Emerging Insights, 29 March 2021. This Emerging Insights paper calls for a new set of policy interventions to reduce the threat from ransomware. Options range from introducing legislation to prevent ransom payments, to tackling the use of penetration testing tools used in ransomware attacks, to national-level mechanisms…
Whistleblower: Ubiquiti Breach “Catastrophic”
Brian Krebs reports: On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the response to that breach alleges Ubiquiti…