Common sense dictates that patients’ protected health information should not be made freely available on FTP servers that have no login required. And yet it still happens, and has happened again. Recently, this site learned of another FTP server exposing patients’ information. This particular FTP server belongs to MedEvolve, an Arkansas company that provides practice management…
Ex-CIA employee ID’d but not charged in Vault 7 leak of hacking tools
It’s the leak/spy story of the year, I think. But no one has been charged as yet, even though they have a suspect. Dan Goodin reports: Federal authorities have identified a suspect behind last year’s Vault 7 leak of Central Intelligence Agency hacking tools. The trove published to WikiLeaks included exploits and documents for infecting…
Shadowy Hackers Accidentally Reveal Two Zero-Days to Security Researchers
Catalin Cimpanu reports: An unidentified hacker group appears to have accidentally exposed two fully-working zero-days when they’ve uploaded a weaponized PDF file to a public malware scanning engine. The zero-days where spotted by security researchers from Slovak antivirus vendor ESET, who reported the issues to Adobe and Microsoft, which in turn, had them patched within…
Officials: Student Info Breached In Bemus Point
Jordan Patterson reports: Bemus Point Superintendent Michael Mansfield addressed at a school board meeting earlier this week the data breach of a program that may have affected students in the district. In late April, Maia Learning — a comprehensive guidance program that helps students plan for college — was breached by a competing company that…
Member of TheDarkOverlord arrested — reports
There are reports in the news this morning that a member of TheDarkOverlord has been arrested by Serbian police. These are translations via Google, and I do not see any report yet naming the arrestee or a photo, but… Serbian police arrested SS (1980) from Belgrade suspected of being one of the hackers from the…
Big Data Breaches Shine Spotlight on Laws Impacting Employee Data Protection
John Litchfield of Foley & Lardner reminds employers that there are new laws coming into effect that impact employers’ collection and protection of employee data. The following laws, he notes, come online this year: Alabama (effective June 1, 2018) Delaware (effective April 14, 2018) Oregon (effective June 2, 2018) South Dakota (effective July 1, 2018)…