Elizabeth Montalbano reports: The BianLian ransomware group is ramping up its operations and maturing as a business, moving more swiftly than ever to compromise systems. It’s also moving away from encryption to pure data-theft extortion tactics, in cyberattacks that have so far bagged at least 116 victims, researchers have found. BianLian, first discovered last July, hasn’t deviated much…
Current Turmoil and Future Risks in Resolving Data Breach Class Actions
Here’s an interesting post by Mark Olthoff of Polsinelli law firm discussing recent developments in class action lawsuits. Here are some snippets: First, an increasing number of data breach lawsuits are being filed in state court rather than in federal court. Several possible reasons exist for this development. For one, federal courts have limited subject…
Romanian entities issued monetary penalties for infosecurity and data protection failures
Regulators in Romania have issued monetary penalties to six Romanian entities for insufficient technical and organizational measures to ensure information security. Two other entities were issued fines for other GDPR violations. The fines for insufficient technical and organizational measures ranged from 1,000 to 10,000 euros. Two of the entities were in the medical center. A…
Lawsuit: Cop pulled over driver for TikTok livestream—and shared driver’s ID
Ashley Belanger reports: A Dallas County Sheriff’s Department deputy, Francisco Castillo, was briefly suspended after livestreaming a traffic stop, allegedly just to gain TikTok clout, in 2021. Now, the Texas motorist that he pulled over, Torry Osby, is suing, saying that the deputy exposed Osby to risks of identity theft and break-ins at his home by…
Latitude Financial hacked as 300,000 customer identification documents stolen
7News reports what sounds like a serious breach: Financial lender, Latitude Finance, has warned customers of a major cyberattack in which more than 300,000 customer identification documents were stolen. A spokesperson for the company said unusual activity was detected on its systems over the last few days, and it appeared the company’s records had been hacked. They…
Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server
CISA Advisory Alert Code AA23-074A Summary From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and authoring organizations identified the presence of indicators of compromise (IOCs) at a federal civilian executive branch (FCEB) agency. Analysts determined that multiple cyber threat actors, including an APT actor, were able to exploit a…