Brian Krebs writes: The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting…
Pysa shuttered its leak site before it ever dumped data from more than half a dozen schools. Here’s what we know so far.
The education sector has always been a relatively easy target for cybercriminals. One group in particular — Pysa — earned a reputation for its ransomware attacks on schools. Despite analyses and alerts in March, 2021 by threat intel firms and the U.S. government indicating that Pysa was a major threat to the education sector in…
Thailand’s Personal Data Protection Act Enters into Force
Hunton Andrews Kurth writes: On June 1, 2022, Thailand’s Personal Data Protection Act (“PDPA”) entered into force after three years of delays. The PDPA, originally enacted in May 2019, provides for a one-year grace period, with the main operative provisions of the law originally set to come into force in 2020. Due to the COVID-19 pandemic,…
US General Says American Hackers Conducted Offensive Operations To Support Ukraine: Report
Anwesha Majumdar reports: As the ravaging Russia-Ukraine war has reached its 99th day, the chief of the United States’ Cyber Command, General Paul Nakasone, claimed that ‘offensive operation’ in support of war-torn Ukraine have been carried out by US military hackers. During an exclusive interview with Sky News, General Nakasone detailed how the separate “hunt forward” operations allowed…
Icare sends private details of 193,000 workers to wrong employers
Lucy Cormack reports: The personal details of almost 200,000 injured workers were mistakenly shared with 587 employers and insurance brokers in a major privacy data breach by embattled state insurer icare last month. A senior source with direct knowledge of the breach said the details of 193,000 employees were contained in spreadsheets that were mistakenly…
CISA Alert (AA22-152A): Karakurt Data Extortion Group
Summary The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) are releasing this joint Cybersecurity Advisory (CSA) to provide information on the Karakurt data extortion group, also known as the Karakurt Team and Karakurt Lair. Karakurt actors have…