Collaborate Disseminate
The Norwegian Government Security and Service Organisation (DSS) has detected a cyber-attack on the ICT platform used by 12 ministries. The matter is currently being investigated by the police. “We are taking this incident very seriously. The Norwegian… Continue reading Norwegian ministries hit by cyberattack
Orrick, Herrington & Sutcliffe LLP write: On June 30, the U.S. Court of Appeals for the First Circuit overruled a district court’s dismissal of a putative class action against a home delivery pharmacy service for allegedly failing to prevent a 2021… Continue reading 1st Circuit confirms standing for data breach victims
Release Date: July 20 Alert Code: AA23-201A Summary The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory to warn network defenders about exploitation of CVE-2023-3519, an unauthenticated remote code execu… Continue reading CISA Advisory: Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
Lawrence Abrams takes us through a recent Coveware report on Clop’s shifting strategies and how recent trends in exfiltration-only have impacted the amount of ransom victims are paying. Read his article on BleepingComputer. Related: Coveware: Ran… Continue reading Clop gang to earn over $75 million from MOVEit extortion attacks
Earlier this week, DataBreaches reported that two plastic surgery practices in California had both suffered cyberattacks. When the doctors did not pay ransom demands, attackers leaked nude patient pictures and patient info. One attack was by AlphV (Bla… Continue reading Now a third plastic surgery practice has nude patient photos leaked
Gerald L. Maatman, Jr., Alex W. Karasik, and George J. Schaller of Duane Morris write: In Steinmetz et al. v. Brinker International, Inc., No. 21-13146, 2023 U.S. App. LEXIS 17539 (11th Cir. July 11, 2023), the Eleventh Circuit vacated the district cou… Continue reading Eleventh Circuit Requests Refined Class Definition For Data Breach Class Action
James Rundle reports: Payroll services provider UKG has agreed to settle a class-action lawsuit stemming from a cyberattack in 2021, capping a significant piece of litigation that emerged from the incident. A ransomware strike in December 2021 forced p… Continue reading Payroll Services Provider UKG Agrees to $6 Million Settlement in Data-Breach Lawsuit
When the arrest of Conor Fitzpatrick, aka “Pompompurin,” was made known on March 17, 2023, the members of Breached.vc (“BreachForums”) were shocked to learn from court filings how poor their forum owner’s OpSec was and th… Continue reading Owner of BreachForums pleads guilty in federal court to a charge that shocks everyone
Rosie Talaga reports: QuickBlox, a software development framework used in telemedicine and finance, was found to have several critical security flaws, according to a joint study from computer and network security research firms Check Point Research and… Continue reading Millions of personal records unprotected in flawed telemedicine application software
Cat Zakrzewski reports: The Federal Trade Commission has opened an expansive investigation into OpenAI, probing whether the maker of the popular ChatGPT bot has run afoul of consumer protection laws by putting personal reputations and data at risk. The… Continue reading FTC investigates OpenAI over data leak and ChatGPT’s inaccuracy