Scott Greenfield comments on a ruling previously noted on this site: In an underappreciated ruling, District of Columbia Judge Amit Mehta ruled that the multinational law firm Covington & Burling must comply with an SEC subpoena requiring the firm to give up the names of clients, publicly-traded corporations, in order for the SEC to investigate whether…
School Accreditation Organization Data Breach Exposed Sensitive Information on Students, Parents, and Teachers Online
Seen on WebsitePlanet: Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet a non-password protected database that contained 680k records. Upon further investigation, it was identified that these records were related to educational institutions. Documents inside the database suggested that it belonged to the Southern Association of Independent Schools, Inc (SAIS). In my many years as…
Attacked by Black Basta, BankCard USA paid ransom.
Marco A. De Felice of SuspectFile (aka @amvinfe) reports that BankCard USA (BUSA) recently paid the Black Basta ransomware group $50,000 ransom. But if BUSA hoped to keep the breach and payment out of the public eye, they should sit down before they read SuspectFile’s reporting, because it is going to make them sad. BankCard…
The Chattanooga Heart Institute to notify 170,450 about March “data security incident”
In May, DataBreaches dutifully noted The Chattanooga Heart Institute (CHI) on our non-public worksheets. At the time, all we knew was that Karakurt threat actors had claimed to have attacked them and to have exfiltrated 158 GB of data. There was no proof of claim offered, but Karakurt wrote: Employees and patients’ private data will…
Arizona man who extorted Georgia Tech sentenced to prison
ATLANTA, July 27 – Ronald Bell has been sentenced to two years and nine months in prison for extorting Georgia Tech. Bell recruited a security guard to falsely claim that the guard witnessed an assault by its basketball coach in exchange for part of the extortion payout he expected to receive from the university. “Ronald…
CISA Advisory: Preventing Web Application Access Control Abuse
Release Date: July 27, 2023 Alert Code: AA23-208A SUMMARY The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object…