Top Class Actions reports: American HomePatient has agreed to pay $1 million to resolve claims that they failed to protect patient data in a burglary incident. The settlement benefits current or former patients and customers of American HomePatient Inc. and Lincare Holdings Inc. whose personal identifying information was stored on the unencrypted hard drives stolen…
Secret Russian IoT Botnet Exposed In FSB Contractor Breach
Daniel Golightly reports: Russian hacking group Digital Revolution has discovered the existence of a secret FSB program dubbed the “Fronton Program” that reportedly points to the creation of an IoT botnet. Reported by SC Media, the hackers breached subcontractor ODT (Oday) LLC. ODT was working with frequent Russian Ministry of Internal Affairs contractor InformInvestGroup CJSC. The…
Ca: Toronto residents’ data improperly shared with councillor’s office in privacy breach
David Rider reports: More than 7,000 Torontonians are being told their personal information was improperly disclosed to a city councillors’ office, the Star has learned. In a March 17 letter to 7,227 people in a program for senior citizens and disabled people who receive free sidewalk snow clearing, Vincent Sferrazza, a city transportation director, tells…
FSB Takes Down Top-Tier Marketplace, Arrests Admins
Gemini Advisory has a fascinating piece on the takedown of a top-tier marketplace and the arrest of its administrators. Stas Alforov and Christopher Thomas report that when the Russian Federal Security Service (FSB) reportedly arrested 30 members of a hacker ring that specialized in selling stolen card data, Gemini noted that a popular dark web…
Dark web hosting provider hacked again — 7,600 sites down
Catalin Cimpanu reports: Daniel’s Hosting (DH), the largest free web hosting provider for dark web services, has shut down today after getting hacked for the second time in 16 months, ZDNet has learned. Almost 7,600 dark web portals have been taken offline following the hack, during which an attacker deleted the web hosting portal’s entire database….
Someone’s wiping out elastic searches and leaving a security firm’s name
Security researcher Bob Diachenko reported a disturbing finding yesterday: someone was wiping out public-facing elastic searches and leaving “NightlionSecurity.com” in their place: Looks like malicious actors now using @vinnytroia‘s company name in another wave of Elasticsearch automated attacks in an attempt to compromise him. https://t.co/6msI0aKLfa pic.twitter.com/Y1DQ1iCzBG — Bob Diachenko (@MayhemDayOne) March 25, 2020 By this…