Catalin Cimpanu reports: The operators of the Nemty ransomware have announced this week they were shutting down their service after ten months in operation, ZDNet has learned from a source in the infosec community. […] But in an update posted on a dedicated topic on the Exploit hacking forum, the Nemty operator announced yesterday they…
New York State Investigates Network Hack
Scott Ferguson reports: In January, hackers compromised portions of the New York state government’s computer network by taking advantage of an unpatched vulnerability in Citrix enterprise software, according to the Wall Street Journal. While the New York State Office of Information Technology Services discovered the hacking incident on Jan. 28, officials did not disclose the breach…
RagnarLocker ransomware hits EDP energy giant, asks for €10M
Sergiu Gatlan reports: Attackers using the Ragnar Locker ransomware have encrypted the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M). EDP Group is one of the largest European operators in the energy sector (gas and electricity) and the world’s 4th largest producer of wind…
You’re One Misconfiguration Away from a Cloud-Based Data Breach
Suresh Kasinathan writes: Not all instances of data exposure in the cloud are the product of malicious intentions from either internal or external actors. In its “2019 Data Breach Investigations Report” (DBIR), for instance, Verizon Enterprise showed that errors constituted one of the top causes in the data breaches it examined. Verizon’s researchers attributed 21%…
Equifax settles Indiana case over massive data breach for $19.5 million
Nate Raymond reports: Equifax Inc will pay Indiana $19.5 million to resolve claims it failed to protect residents whose personal information was exposed in a data breach that affected 147 million people, the state’s attorney general said on Monday. Read more on Reuters.
Another Court Significantly Limits the Scope of Criminal CFAA–Sandvig v. Barr
Eric Goldman writes: The plaintiffs want to create fake job profiles to research algorithmic discrimination. Fearing that their research activities would expose them to criminal CFAA prosecution, they challenged the CFAA as violating their First Amendment rights. Venkat blogged a preliminary ruling in the case 2 years ago. Now, the court dismisses the researchers’ suit as moot…