Rick Earle reports: An exclusive Target 11 investigation into a massive data breach last year has led to a new state law meant to protect every citizen of the Commonwealth. Target 11 Investigator Rick Earle broke the story of that data breach last April and now because of his reporting, state lawmakers passed legislation requiring timely notification of…
New South Wales gets first state-based data breach notice scheme
Justin Hendry reports: New South Wales will have Australia’s first mandatory data breach notification scheme for public sector entities in place within a year after state government legislation passed Parliament. The Privacy and Personal Information Protection Amendment Bill underpinning the long-promised regime sailed through the Legislative Council last night without amendment, having passed the Legislative Assembly…
UK: Reading clinic leaked the email addresses of 288 patients in an emailed invitation
Jay Jay reports: The South Reading & Shinfield Group Medical Practice, a healthcare clinic in Reading, recently leaked the email addresses of many of its patients after clinic officials included their email addresses in an emailed invitation. Source: Teiss
Transparency International blasts Malaysian govt for apathetic reaction to data leaks
MalaysiaKini reports: Transparency International Malaysia (TI-M) has expressed deep concern over the recurring pattern of data leaks from Malaysian government agencies that are empowered and entrusted with personal data. “Media reports last week revealed that data from the voting portal MySPR was publicly on sale on the internet. It was also reported that the caretaker…
Disneyland Malware Team: It’s a Puny World After All
Brian Krebs reports: A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. The Disneyland Team uses common misspellings for top bank brands in its domains….
US govt: Iranian hackers breached federal agency using Log4Shell exploit
Sergiu Gatlan reports: The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware. The attackers compromised the federal network after hacking into an unpatched VMware Horizon server using an exploit targeting the Log4Shell (CVE-2021-44228) remote code execution…