Former Uber security chief will have to face wire fraud charges in hack coverup

Uber’s former Chief Security Officer Joseph Sullivan will have to face wire fraud charges over his alleged role in covering up a 2016 hack that exposed the personal information of millions of Uber passengers and drivers. The breach and its afterm…

Dangerous Ruling Says If Someone Goes Onto Your Openly Shared Google Drive, You Can Sue Them For Unauthorized Access

Mike Masnick writes: If you accidentally leave your Google Drive accessible to anyone with the URL, and someone goes there and deletes stuff, is that “unauthorized access” and a violation of the CFAA? To me, the answer should be absolutely not. But in …

Expensive week for Carnival Corp: a $1.25 million settlement with states over one breach, then a $5 million settlement with New York for violating state cybersecurity regulation

It seems this was the week for following up on Carnival Corporation breaches. Earlier this week, state attorneys general announced a $1.25 million multistate settlement with the cruise line over a 2019 data breach first disclosed in 2020. But there was…

Everything old is new again? Ransomware groups stop encrypting and switch to theft/extortion model.

In a new post at The Register, Jessica Lyons Hardcastle reports, in part: ….. Increasingly, however, cybercrime rings still tracked as ransomware operators are turning toward primarily data theft and extortion – and skipping the encryption step a…

FTC Finalizes Action Against CafePress for Covering Up Data Breach, Lax Security

CafePress Must Bolster Data Security Protections, Pay Half a Million Dollars The Federal Trade Commission finalized an order against CafePress over allegations that it failed to secure consumers’ sensitive personal data including Social Security number…

This is (One of Many Reasons) Why Districts Get Hit with Ransomware

Bill Fitzgerald writes: Even the smallest of school districts are complicated places. Communicating with stakeholders is hard to do well, and getting the details right is imperative. The details become even more important when school boards and superin…

Defensive Cyber Attacks Declared Legal by UK AG, Path Cleared to “Hack Back” When Critical Infrastructure & Services Attacked

Scott Ikeda reports: The Attorney General of the United Kingdom has declared the country can make use of defensive cyber attacks when “key services” (such as critical infrastructure and banks) are struck by foreign threat actors. The country is taking …