Steve Ragan reports: Researchers at Proofpoint recently discovered a Phishing campaign that originated form select job postings on CareerBuilder. Taking advantage of the notification system the job portal uses, the attacker uploaded malicious attachments instead of résumés, which in turn forced CareerBuilder to act as a delivery vehicle for Phishing emails. The scam is both…
DOJ Issues Data Breach Guidance
Alston & Bird write: On Wednesday, April 29, 2015, the Department of Justice Computer Crime and Intellectual Property Section (CCIPS) Cybersecurity Unit issued new, detailed guidance on data breach incident response best practices. The document was announced at an invitation-only round table hosted by DOJ and provides guidance on what DOJ regards as “best practices for victims and potential…
Ca: Privacy commissioner investigating Sask. premier’s office
Mike McKinnon reports: The office of Saskatchewan’s privacy commissioner has officially launched an investigation into an alleged privacy breach by the premier’s office. Peter Bowden, a health care aide who went public on March 30 with concerns about the Saskatoon care home he works at, accused Premier Brad Wall and his chief of operations and communications, Kathy Young,…
UC Berkeley announces another data breach
Their announcement: UC Berkeley officials announced today (Thursday, April 30) that they are sending alert notices to current students and other individuals regarding a computer data breach that may have resulted in unauthorized access to their Social Security numbers or other personal information. There is no evidence that such information has actually been used, but…
Confidential information exposed over 300 times in ICANN security snafu
Kieren McCarthy reports: Two months after claiming there was “no indication” that confidential information was exposed in a security cock-up, domain name overseer ICANN has admitted it happened on at least 330 occasions. Following an audit of its main customer portal, the organization confirmed what we reported at the start of March: that misconfigured Salesforce software had given…
Phishing attack hits another healthcare system
Partners Healthcare System has become the latest healthcare system to disclose that patient data was compromised by employees falling for phishing attacks: Partners HealthCare System, Inc. and its affiliated institutions and hospitals, including Brigham and Women’s Hospital, Brigham and Women’s Faulkner Hospital, Massachusetts General Hospital,North Shore Medical Center, Partners Continuing Care, and Newton-Wellesley Hospital (“Partners…