Politico reports: Hotel booking site Booking.com got hit with a €475,000 fine for being late to report a data breach, the company’s lead EU privacy regulator announced Wednesday. The fine, imposed by the Dutch data protection authority because the company is legally established in Amsterdam, came after criminals stole the personal data of more than…
GA: Cyberattack on Cobb schools enabled by contractor’s weak password, police say
Kristal Dixon reports: An attack on the Cobb County School District’s crisis management system that forced all schools into lockdown last month happened because of a weak password, according the police. The password was not created by a school district employee, but a worker with the AlertPoint security system used by the district, police said….
Iranian cyberspies target professionals at medical research organizations in the US, Israel
Catalin Cimpanu reports: Hackers linked to Iran have targeted 25 senior professionals at various medical research organizations located in the US and Israel as part of a weeks-long phishing campaign, email security firm Proofpoint revealed today. The attacks are part of a long series of attacks that have repeatedly and increasingly targeted medical and pharmaceutical…
Ransomware: A Perfect Storm
Ransomware: A Perfect Storm James Sullivan and James Muir Emerging Insights, 29 March 2021 This Emerging Insights paper calls for a new set of policy interventions to reduce the threat from ransomware. Options range from introducing legislation to prevent ransom payments, to tackling the use of penetration testing tools used in ransomware attacks, to national-level mechanisms…
Whistleblower: Ubiquiti Breach “Catastrophic”
Brian Krebs reports: On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the response to that breach alleges Ubiquiti…
FL: School officials investigate possible breach involving firm they never used
John Henderson reports: Alachua County school officials are investigating whether students’ personal information was compromised after a data breach in a computer system connected to school meal programs. The district notified families of school children Monday that a letter sent out recently by PCS Revenue Control Systems Inc. — a company that handles computer services for reduced lunch programs — is…