New Security Alert Warns Against Hackers Using CAPTCHA Test That Manipulates Windows Users
By now, most people have encountered CAPTCHA tests to prove they are human and not bots. Some tests ask us to click on a particular object or type in a string of numbers or letters to match a sample, but watch out for what may appear to be a CAPTCHA test that is really a […]
23andMe settles data breach lawsuit for $30 million
Update of December 5: A federal judge granted early approval to a $30 million settlement. The case is In re 23andMe Inc Customer Data Security Breach Litigation, U.S. District Court, Northern District of California, No. 24-md-03098. The official settlement website will be at https://www.23andmedatasettlement.com/ where those affected can get information on who is eligible to […]
Should your company pay cybercriminals after a ransomware attack? It depends.
Some experts from negotiation firms offer their perspectives on the thorny question of whether to pay ransom. Business Insider reports: Cybercriminals stealing important data and holding it for ransom can be a company’s worst nightmare. Instances of ransomware, a type of malicious software that holds sensitive data hostage until a victim pays the attacker, are […]
FBI and CISA Release Joint PSA, Just So You Know: False Claims of Hacked Voter Information Likely Intended to Sow Distrust of U.S. Elections
Released: September 12, 2024 WASHINGTON – Today, as part of their public service announcement (PSA) series to put potential election day cyber related disruptions during the 2024 election cycle into context for the American people, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) jointly issued the Just So You Know: False Claims of Hacked Voter […]
Fortinet Confirms Limited Data Breach After Hacker Leaks 440 GB of Data
A hacker claims to have stolen 440 GB of data from cybersecurity firm Fortinet, exploiting an Azure SharePoint vulnerability. The breach, dubbed “Fortileak,” was revealed on a forum with access credentials shared online. HackRead reports: Dubbed Fortileak by the hacker, the breach allegedly originates from an exposure in Fortinet’s Azure SharePoint instance. In the forum post, the […]
Lehigh Valley Health Network to Pay $65M to Settle Suit Over Ransomware Attack That Exposed Patients’ Nude Photos
A blockbuster proposed settlement has been announced involving a ransomware attack last year. The ransomware attack by BlackCat resulted in 134,000 patients of Lehigh Valley Health Network having their data accessed, exfiltrated, and in some cases, leaked online. Distressingly, the threat actors cruelly leaked nude photos of identifiable cancer patients as part of the incident. […]
So you paid a ransom demand … and now the decryptor doesn’t work?
How many times have the government and intel firms warned us that decryptors provided by ransomware gangs do not always work and a significant percentage of victims wind up not recovering all their files even though they paid the ransom? Here’s another example from The Register, where an unnamed victim company paid the Hazard ransomware […]

Retrospective: 2024 in comprehensive state data privacy law
2024 was an active year for state privacy law. Keir Lamont and David Stauss recap the year for IAPP: By the numbers, 2024 experienced a comparable level of activity to 2023 with seven new states passing comprehensive privacy laws, bringing the total number of state laws to 19 — or 20 depending on whether you […]