Lawrence General Hospital in Massachusetts is notifying patients of a breach that occurred in September. In their disclosure, LGH notes that on September 19, they discovered a “data security incident that disrupted the operations of our IT systems.” Their investigation determined that an unauthorized party “may have accessed its IT systems between September 9, 2020…
Israeli companies targeted with new Pay2Key ransomware
Catalin Cimpanu reports: Several companies and large corporations from Israel have been breached and had their systems encrypted using a new strain of ransomware named Pay2Key, in what appears to be a targeted attack against Israeli networks. The first attacks were seen in late October but have now grown in numbers while also remaining contained…
Hackers are exploiting unpatched VoIP flaws to compromise business accounts
Danny Palmer reports: A hacking campaign has compromised VoIP (Voice over Internet Protocol) phone systems at over 1,000 companies around the world over the past year in a campaign designed to make profit from selling compromised accounts. While the main purpose appears to be dialling premium rate numbers owned by attackers or selling phone numbers…
Ie: Data Protection Commission Fine on Tusla Child and Family Agency Confirmed in Court
From the Irish DPC this week: The Irish Data Protection Commission (DPC) today had the decision to impose an administrative fine on Tusla Child and Family Agency confirmed in the Dublin Circuit Court. The application to confirm the decision to impose an administrative fine of €75,000 was made pursuant to Section 143 of the Data…
Deloitte’s ‘Test your Hacker IQ’ site fails itself after exposing database user name, password in config file
Thomas Claburn reports: Updated A website created for global consultancy Deloitte to quiz people on knowledge of hacking tactics has proven itself vulnerable to hacking. The site, found at the insecure non-HTTPS URL http://deloittehackeriq.com/, makes its YAML configuration file publicly accessible. And within the file, in cleartext, is the username and password for the site’s mySQL database….
STJ would have been a victim of ransomware; Ministry of Health suffers attack
It seems like every week, I am being shown evidence of huge — and I do mean HUGE — data leaks out of two countries: India and Brazil. I do not report on most of them. But I am not surprised to read a news report that Brazilian government agencies have been hit with ransomware….