ERR reports: Personal and health data belonging to approximately 10,000 people has been illegally downloaded from the Tartu-based genetic testing company Asper Biogene’s database, the State Prosecutor’s Office said on Thursday. Those affected are in the process of being notified. A criminal investigation has been launched by the Southern Prefectural Criminal Bureau which is in…
Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors
Ryan Tomcik, Adrian McCabe, Rufus Brown, and Geoff Ackerman write: Earlier this year, Mandiant’s Managed Defense threat hunting team identified an UNC2975 malicious advertising (“malvertising”) campaign promoting malicious websites themed around unclaimed funds. This campaign dates back to at least June 19, 2023, and has abused search engine traffic and leveraged malicious advertisements to affect…
FCC Approves Major Updates to Data Breach Notification Rules
Chris Riotta reports: The U.S. Federal Communications Commission voted Wednesday along party lines to update 16-year-old privacy protection rules and expand breach notification requirements as part of an effort to provide law enforcement and the public with real-time information about harmful data breaches. The new rule expands the scope of the FCC’s breach notification requirements…
Prolonged internet outage forces Henry County Schools to return to basics
Leon Stafford reports: Under normal circumstances, Henry County teacher Samantha Hawthrone’s third graders would pull out their Chromebooks when building pie charts and histograms. But last week, Hawthrone’s Austin Road Elementary School class was constructing bar graphs the old-fashioned way — on paper printed out for each student. Instead of building the charts using a…
UK: Corringham school apologizes after sharing personal pupil data
Stuart Woodward and Shivani Chaudhari report: A school has apologised for sending an email to parents which listed the personal data of 69 pupils who were being disciplined for bad behaviour. The principal at Ortu Gable Hall School in Corringham, Essex, said the email was sent by mistake and parents were asked to delete it….
New leak site reveals yet two more U.S. medical sector victims (2)
There’s a new leak site on the dark web this week, by an individual or individuals calling themself “DragonForce.” Most of the listings on the site are dated December 13 but appear to refer to attacks that were made previously. DataBreaches spotted two medical sector victims among the listings: Heart of Texas Behavioral Health Network…