Jessica Lyons Hardcastle reports: VirusTotal today issued a mea culpa, saying a blunder earlier this week by one of its staff exposed information belonging to 5,600 customers, including the email addresses of US Cyber Command, FBI, and NSA employees. The unintentional leak was due to the layer-eight problem; human error. On June 29, an employee accidentally uploaded…
1st Circuit confirms standing for data breach victims
Orrick, Herrington & Sutcliffe LLP write: On June 30, the U.S. Court of Appeals for the First Circuit overruled a district court’s dismissal of a putative class action against a home delivery pharmacy service for allegedly failing to prevent a 2021 data breach that exposed the personally identifiable information (PII) of over 75,000 patients. The class…
Hundreds of children’s medical documents found along Cape Coral streets
Justin Kase and Rachel Murphy report: Hundreds of children’s private records were littered along the streets of Cape Coral. Police picked up most of the documents after they were reported Friday. Read more at WINK News. From the transcript and the video of the news, it appears that these are likely student health records held…
Two more breaches involving email gaffes: one by a NZ hospital, one by Fortinet
First, we have this “human error” mistake with email to report today. Hamish McNeilly reports: An email containing the names of vulnerable children was mistakenly sent to other parents and guardians, prompting an apology from Te Whatu Ora Southern. Dozens of parents and guardians received the email on Tuesday from the Vera Haywood Centre, a…
CISA Advisory: Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
Release Date: July 20 Alert Code: AA23-201A Summary The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory to warn network defenders about exploitation of CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as…
Clop gang to earn over $75 million from MOVEit extortion attacks
Lawrence Abrams takes us through a recent Coveware report on Clop’s shifting strategies and how recent trends in exfiltration-only have impacted the amount of ransom victims are paying. Read his article on BleepingComputer. Related: Coveware: Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments