This is not be the first time the Texas Department of Transportation (TxDOT) has apparently had a data security incident, and it certainly not the largest breach the state has ever experienced, but it appears that TxDOT’s portal for the certified payroll system for contractors has been hacked. Two posts by one individual appeared over…
Malaysia: Govt must be transparent, outcome of alleged data breach probe must be made public
Zarrah Morden reports: Transparency International Malaysia (TI-M) today expressed concern over the alleged data leaks and sale of personal data belonging to Malaysians and urged the government to publicly disclose the results of police investigation into the matter. […] It also suggested that legislators study what is lacking in existing legislation, leading to solutions that…
DisCONTInued: The End of Conti’s Brand Marks New Chapter For Cybercrime Landscape
Yelisey Bogusalvskiy & Vitali Kremez write: On May 19, 2022, the admin panel of the Conti ransomware gang’s official website, Conti News, was shut down. The negotiations service site was also down, while the rest of the infrastructure: from chatrooms to messengers, and from servers to proxy hosts was going through a massive reset. Conti…
Major Cyber Organizations of the Russian Intelligence Services
The Office of Information Security Securing One HHS and Health Sector Security Coordination Center (HC3) have released slides from: Major Cyber Organizations of the Russian Intelligence Services (pdf, 27 pp) TLP: WHITE, ID# 202205191300 May 19, 2022 Agenda • Russian Intelligence Services’ Structure • Russian Intelligence Services’ Mandates • Turla • APT29 • APT28 •…
Decisions by the Personal Data Protection Commissioner of Singapore
The Personal Data Protection Commissioner of Singapore announced several new decisions this week. Here are three of them: A financial penalty of $2,000 was imposed on Southaven Boutique for failing to put in place reasonable security arrangement to prevent the unauthorised access of its customers’ personal data in its Point-Of-Sale system server. Read more. A…
DOJ’s New CFAA Policy is a Good Start But Does Not Go Far Enough to Protect Security Researchers
Andrew Crocker of EFF responds to the announcement this week by DOJ about its revised policy for enforcement of the Computer Fraud and Abuse Act: The Computer Fraud and Abuse Act (CFAA), the notoriously vague anti-hacking law, is long overdue for major reform. Among many problems, the CFAA has been used to target security researchers whose work…