Ugh. vpnMentor reports: A group of free VPN (virtual private network) apps left their server completely open and accessible, exposing private user data for anyone to see. ….. Each of these VPNs claims that their services are “no-log” VPNs, which means that they don’t record any user activity on their respective apps. However, we found multiple…
Google Cloud steps up privacy, security with Confidential VMs and Assured Workloads
Stephanie Condon reports: Google Cloud on Tuesday announced two new security offerings designed for customers with highly-regulated or sensitive data that requires extra protection in the cloud. The first, Confidential VMs, is the initial product in Google’s Confidential Computing portfolio, which promises to let customers keep data encrypted while in use. The second, Assured Workloads for Government,…
Citrix denies dark web claim of network compromise and ransomware attack
Simon Sharwood reports: Citrix has taken the unusual step of rebutting dark web discourse that alleges its networks have been compromised. A Wednesday post penned by CISO Fermin J. Serna says the company is aware of “threat intelligence report circulated concerning claims made on the dark web by a threat actor alleging compromise of the Citrix network,…
SEC’s OCIE Issues Ransomware Risk Alert
Kate Hanniford of Alston & Bird writes: On July 10, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert noting the increasing sophistication of ransomware attacks on SEC registrants and service providers to SEC registrants. The Risk Alert is notable for its encouragement of financial services market participants more broadly and not just…
Beyond Data Breach: Evaluating Coverage for Misuse of Information Claims
Kyle Medley and Judith Selby of Hinshaw write: Cyber insurance policies typically include coverage for claims arising out of violations of cyber and privacy laws and regulations, but the coverage provided can vary greatly from policy to policy. When considering whether any given claim falls within a policy’s coverage, the following issues should be considered:…
UK: South East Coast Ambulance employee personal and medical details exposed
Charlie Harman reports: The South East Coast Ambulance Service has experienced a massive data breach and has referred itself to a privacy watchdog. In May, the personal and medical details of all ambulance staff could have been seen by employees outside of senior management. Read more on KentOnline