LATEST POST
SolarWinds Seeks Dismissal of ‘Unfounded’ SEC Cybersecurity Suit
Bloomberg Law reports on a case that probably has a lot of CISOs somewhat nervous: SolarWinds Corp. issued a full-throated denial of wrongdoing in how it handled one of the worst cyberattacks in history in a Friday court filing seeking the dismissal of US Securities and Exchange Commission allegations that its software security representations defrauded […]
California Privacy Protection Agency Launches New Website with Privacy Rights Resources
Robinson + Cole informs us that the California Privacy Protection Agency (CPPA) has opened a new website at https://privacy.ca.gov/ with resources for California residents to help them understand their rights under the California Consumer Privacy Act (CCPA). The resources include how to submit a complaint against a business that has violated consumer rights under the […]
23andMe admits it didn’t detect cyberattacks for months
23andMe continues to garner negative press for its incident response. It seems like only yesterday that they were trying to blame victims for reusing passwords as the cause of a credential stuffing attack that resulted in the theft of ancestry and genetic data of almost seven million users. But how will they explain to regulators […]
Looking Ahead to the FTC’s Implementation of the Data Breach Notification Rule for Nonbanking Financial Institutions
From the law firm of Polsinelli PC: Beginning on May 13, 2024, nonbanking “financial institutions” must notify the Federal Trade Commission (“FTC”) within 30 days of discovering a data breach involving the nonpublic personal information of at least 500 consumers. These covered organizations can include a wide variety of companies that engage in financial activities […]
HPE: Russian hackers breached its security team’s email accounts
Bleeping Computer reports: Hewlett Packard Enterprise (HPE) disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company’s Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. Midnight Blizzard, aka Cozy Bear, APT29, and Nobelium, is a Russian state-sponsored hacking group believed to be part […]
Stolen credentials are big business
Panda Security has a blog post on phishing and how it so profitable that criminals don’t always use stolen credentials themselves — they just sell them to other criminals. From the blog post: Phishing attacks have one purpose – to steal your usernames and passwords. Cybercriminals use carefully crafted messages to trick you into visiting a […]
Mother of all breaches reveals 26 billion records: what we know so far
Cybernews reports: The supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records. The leak, which contains LinkedIn, Twitter, Weibo, Tencent, and other platforms’ user data, is almost certainly the largest ever discovered. There are data leaks, and then there’s this. A supermassive Mother […]
University of Twente Maps Decision-Making Process for Ransomware Victims
From the university’s press release about their research into factors related to whether ransomware victims decide to pay ransom or not — and how much they pay if they do decide to pay: The UT investigated the decision-making process of victims who had to pay ransoms during ransomware attacks. UT researcher Tom Meurs and his […]