KTVZ reports: A ransomware attack on a campaign finance firm has prompted the Oregon Elections Division to require that 1,100 users of the state’s online campaign contribution reporting system change their passwords, but Sectary of State Shemia Fagan stressed late Monday that the agency’s systems have not been hacked. […] The Oregon Elections Division learned…
Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating
Dan Goodin reports: Researchers are marveling at the scope and magnitude of a vulnerability that hackers are actively exploiting to take full control of network devices that run on some of the world’s biggest and most sensitive networks. The vulnerability, which carries a 9.8 severity rating out of a possible 10, affects F5’s BIG-IP, a…
Lawyers are nearing a settlement deal for the infamous 2015 OPM hack
Attorneys are closing in on a settlement deal that could deliver up to $63 million to some victims of one of the most cataclysmic data breaches in history The settlement, if approved by a judge, would end a seven-year legal effort to win compensation for more than 21 million current and former federal employees who were…
Insufficient Data Security and Disregard for Student Data Privacy Plague the DeKalb County School District; With Commentary by Jim Siegl
Keegan Brooks writes: The DeKalb County School District has been making thousands of files containing sensitive student and staff information widely accessible to anyone in the district. Types of information exposed have included social security numbers, academic records, medical forms, course transcripts, standardized test scores, discipline records, and the 504/IEP information of students, among others….
Sunday notes: Welldyne, North Alabama Bone & Joint Clinic disclose breaches affecting patient data
A Sunday two-fer on health data breaches: WellDyneRx, LLC (“WellDyne”) issued a press release on May 6 concerning an incident they first detected on December 2. The Florida-headquartered pharmacy benefits service provider’s investigation discovered that there was unauthorized access to an email account between October 30, 2021, and November 11, 2021. “Although there is no…
Cybercrime loves company: Conti cooperated with other ransomware gangs
Seems to be a lot of Conti-related analyses this week, as well as the $10 million reward offered by the government for information leadings to Conti’s leaders. From Intel471: Software developers often depend on the collective knowledge of the industry to build their products. Whether it’s through reverse engineering, poaching talent, or straight up cloning…