LATEST POST
Looking Ahead to the FTC’s Implementation of the Data Breach Notification Rule for Nonbanking Financial Institutions
From the law firm of Polsinelli PC: Beginning on May 13, 2024, nonbanking “financial institutions” must notify the Federal Trade Commission (“FTC”) within 30 days of discovering a data breach involving the nonpublic personal information of at least 500 consumers. These covered organizations can include a wide variety of companies that engage in financial activities […]
HPE: Russian hackers breached its security team’s email accounts
Bleeping Computer reports: Hewlett Packard Enterprise (HPE) disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company’s Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. Midnight Blizzard, aka Cozy Bear, APT29, and Nobelium, is a Russian state-sponsored hacking group believed to be part […]
Stolen credentials are big business
Panda Security has a blog post on phishing and how it so profitable that criminals don’t always use stolen credentials themselves — they just sell them to other criminals. From the blog post: Phishing attacks have one purpose – to steal your usernames and passwords. Cybercriminals use carefully crafted messages to trick you into visiting a […]
Mother of all breaches reveals 26 billion records: what we know so far
Cybernews reports: The supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records. The leak, which contains LinkedIn, Twitter, Weibo, Tencent, and other platforms’ user data, is almost certainly the largest ever discovered. There are data leaks, and then there’s this. A supermassive Mother […]
First Financial Security, Inc. notifies 105,764 people of October ransomware attack
On October 17, 2023, First Financial Security, Inc. (“FFS”_ was the victim of a ransomware attack. The Georgia insurance agency recently notified those affected by the incident that the attack appeared to be an attempt to access and lock all data, including both sensitive and non-sensitive data. “Thankfully, the ransomware attack was not successful in […]
Doxxing You for 25 Bucks
404 Media and Court Watch report: Authorities charged a man from Baltimore on Monday with allegedly running a so-called TLO data service, a tool that makes it incredibly easy for hackers and other criminals to dox nearly anyone in America quickly and for cheap. Chouby Charleron allegedly sold the personal identifying information (PII), including Social […]
Patients Extorted Over Photos Sue Doctors for Security Failures
Bloomberg Law reports: Pilfered snapshots of patients baring their bodies ahead of life-saving cancer operations and plastic surgeries are unexpectedly landing in the vast landscape of the public internet after cyberattacks, as hackers seek new ways to turn a profit. Campaigns to extort victims during ransomware attacks against health-care providers are evolving, according to lawsuits […]
University of Twente Maps Decision-Making Process for Ransomware Victims
From the university’s press release about their research into factors related to whether ransomware victims decide to pay ransom or not — and how much they pay if they do decide to pay: The UT investigated the decision-making process of victims who had to pay ransoms during ransomware attacks. UT researcher Tom Meurs and his […]