Jeanne Whalen reports: Taking his campaign against Chinese technology down to the wire, President Trump on Tuesday signed an executive order banning transactions with a number of Chinese mobile apps, including Alipay and WeChat Pay. The order will take effect in 45 days, after the start of the Biden administration, leaving its fate unclear. Read…
Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA)
January 5 2021 — On behalf of President Trump, the National Security Council staff has stood up a task force construct known as the Cyber Unified Coordination Group (UCG), composed of the FBI, CISA, and ODNI with support from NSA, to coordinate the investigation and remediation of this significant cyber incident involving federal government networks….
Aurora Cannabis breach exposes personal data of former, current workers
Solomon Israel reports: A data breach at Aurora Cannabis has exposed the personal information of an unknown number of the Canadian company’s current and former employees, Marijuana Business Daily has learned. An email sent to a victim of the data breach cites a Dec. 25 “cybersecurity incident during which unauthorized parties accessed data in (Microsoft cloud…
Ho Mobile offers to replace 2.5m SIM cards after hackers snag user details
Oisin Sweeney reports a follow-up to a previously noted Ho Mobile breach: On Monday (January 4th) the Vodafone owned company confirmed a massive data breach and is now taking the unprecedented step of offering to replace the SIM cards of all 2.5 million affected customers. Read more on EuroWeekly.
Belgian consultancy Finalyse emerges unscathed from ransomware attack
Pieterjan Van Leemputten reports that one of Avaddon’s victims successfully aborted a ransomware attack and was able to restore from backup. And worse for the attackers, Finalyse reportedly isn’t concerned about the 98 GB Avaddon claims to have exfiltrated. The attackers posted a screencap of the directory to pressure Finalyse, but it seems to have…
“Without Undue Delay, Part 1:” Update on earlier ransomware cases
In November, DataBreaches.net published a commentary arguing that patients need to be notified sooner of ransomware dumps even if HIPAA would seem to allow up to 60 days. As a companion to that piece, this site looked at 30 claimed ransomware attacks on U.S. healthcare entities that had been revealed on dedicated leak sites by…