Edward Kost writes: Volatile Cedar, a cybercriminal group affiliated with the Hezbollah Cyber Unit, has resurfaced after disappearing for almost 6 years. The criminal group was suddenly illuminated on the radar after suspicious activity on Oracle and Atlassian servers was discovered. Volatile cedar breached unpatched Atlassian and Oracle servers by exploiting the following vulnerabilities – CVE-2012-3152, CVE-2019-11581,…
The Netherlands: 440,000 EUR fine for hospital for inadequate authentication and logging
Demi Rietveld and Richard van Schaik of DLA Piper write: The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, “Dutch DPA”) has published its decision to impose an administrative fine of EUR 440,000 on Amsterdam hospital OLVG due to the lack of sufficient measures to prevent access to medical records by unauthorised personnel. After complaints, the Dutch…
In: Exclusive: Congress puts personal data of thousands of its supporters at risk, massive security loophole found on its website
OpIndia staff report: The recently launched drive by the Congress party to induct a whopping 5 lakhs ‘social media warriors’ to support the party has turned out to be an exercised marred with massive security loopholes. The Congress IT cell seems to have slipped even in employing basic IT security systems in place for this…
NC: Central Piedmont Community College impacted by ransomware attack
Central Piedmont Community College experienced a ransomware attack that they first disclosed on February 10. Here is their most recent update: Central Piedmont Community College has experienced a ransomware attack, which was discovered Wednesday evening, Feb. 10. The college’s Information Technology Services (ITS) staff worked tirelessly through the night to take the college’s critical systems…
After hackers blackmailed their clients, Finnish therapy firm declares bankruptcy
Graham Cluley reports: Vastaamo, the Finnish psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats, has declared itself bankrupt. Read more on Hot for Security.
Yandex suffers data breach after sysadmin sold access to user emails
Ionut Ilascu reports: Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. The company discovered the breach internally, during a routine check of its security team. The investigation revealed that the employee’s actions led to the compromise of almost 5,000 Yandex…