Jonathan Greig reports: A coastal Mississippi county is in the process of recovering from a wide-ranging ransomware attack that took down nearly all of the government’s in-office computers. Nestled right along the border with Alabama, George County is the quiet home to more than 25,000 people. But the local government was thrown into chaos this…
VirusTotal: We’re sorry someone fat-fingered and exposed 5,600 users
Jessica Lyons Hardcastle reports: VirusTotal today issued a mea culpa, saying a blunder earlier this week by one of its staff exposed information belonging to 5,600 customers, including the email addresses of US Cyber Command, FBI, and NSA employees. The unintentional leak was due to the layer-eight problem; human error. On June 29, an employee accidentally uploaded…
1st Circuit confirms standing for data breach victims
Orrick, Herrington & Sutcliffe LLP write: On June 30, the U.S. Court of Appeals for the First Circuit overruled a district court’s dismissal of a putative class action against a home delivery pharmacy service for allegedly failing to prevent a 2021 data breach that exposed the personally identifiable information (PII) of over 75,000 patients. The class…
Hundreds of children’s medical documents found along Cape Coral streets
Justin Kase and Rachel Murphy report: Hundreds of children’s private records were littered along the streets of Cape Coral. Police picked up most of the documents after they were reported Friday. Read more at WINK News. From the transcript and the video of the news, it appears that these are likely student health records held…
Two more breaches involving email gaffes: one by a NZ hospital, one by Fortinet
First, we have this “human error” mistake with email to report today. Hamish McNeilly reports: An email containing the names of vulnerable children was mistakenly sent to other parents and guardians, prompting an apology from Te Whatu Ora Southern. Dozens of parents and guardians received the email on Tuesday from the Vera Haywood Centre, a…
CISA Advisory: Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
Release Date: July 20 Alert Code: AA23-201A Summary The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory to warn network defenders about exploitation of CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as…