Trusting third-parties and trusting hackers – not the same thing.
https://www.infosecurity-magazine.com/news/minnesota-suffers-secondlargest/
Minnesota Suffers Second-Largest Data Breach
Hundreds of thousands of Minnesotans are receiving letters warning them that their data may have been exposed in the second-largest healthcare data breach in state history.
The letters were sent to individuals who had donated to or been a patient of Allina Health hospitals and clinics or Children’s Minnesota, a two-hospital pediatric health system in the Twin Cities.
Breach notifications warned that personal data may have been exposed following a ransomware attack on third-party vendor Blackbaud in May 2020. The South Carolina company is one of the world's largest providers of education administration, fundraising, and financial management software.
To date, over 3 million people in the United States have been impacted by the attack on Blackbaud, which has also impacted a number of universities, charities, and organizations in the United Kingdom.
… A statement on Allina's website seeks to reassure customers by rather optimistically telling them: "Blackbaud did pay the cybercriminal’s demand with confirmation that the copy of the data that they removed had been destroyed."
(Related)
Ransomware is evolving, but the key to preventing attacks remains the same
… Europol's No More Ransom project is attempting to take the fight to cyber criminals by offering free decryption tools for hundreds of different families of ransomware, something which is estimated to have stopped over four million victims from giving into ransom demands.
… But the best way to protect against the potential damage of a ransomware attack is to make sure organisations, businesses and individuals have the necessary cybersecurity measures in place to avoid falling victim to ransomware in the first place.
"Prevention is the key," said Ruiz. "The main advice is keep backups of your data and keep them offline. Also it's essential that all the operating systems and anti-virus are properly updated; implement any available patch as soon as possible in order to mitigate any vulnerabilities”. It's also important that organisations teach employees how to spot a potential cyberattack.
Makes me wonder what else the “Texas government” could order. (Call out the National Guard?)
https://www.infosecurity-magazine.com/news/texas-government-spoofed/?&web_view=true
Cyber-Criminals Spoof Texas Government
Cyber-criminals have tried to receive free goods by posing as the Texas government and emailing out Requests for Quotes (RFQs).
The multi-layered email attack, in which threat actors pretended to be from the Texas Department of State Health Services, was discovered by researchers at Abnormal Security.
"If unsuspecting salespersons were to respond to this initial request, attackers could establish a line of communication and eventually follow-through with the requested goods," noted researchers.
Using what appears to be a genuine government purchase order, the attackers attempted to obtain products worth hundreds of thousands of dollars without handing over a penny.
… Careful attention had been paid by the attackers to the fine details. The deceptive email included the genuine logo of Texas Health and Human Services, and the request appeared to be sent by John William Hellerstedt, MD, the genuine commissioner of Texas Health.
Researchers noted: "The phone number provided is not associated with the 'bill to' address, although the area code is in Texas and does match the area code for the department of state health services phone number. This is a social engineering tactic aimed to engage recipients into requesting the ship to address, either by email or phone.”
What do you call it when lawyers don’t look at the law? I don’t think “misinterpretation” is the word I’d choose.
Legal misinterpretation to blame for delay in reporting Kentucky unemployment breach
Matthew Glowicki reports:
An inspector general report has found there were “unacceptable” delays in reporting an April security breach of Kentucky’s unemployment system but that residents’ personal information doesn’t appear to have been misused.
The report primarily blames the monthlong delay in reporting the breach on current legal staff who relied on a holdover procedure from the previous administration that misinterpreted state law governing when breaches need to be reported.
Read more on Louisville Courier Journal.
Law and sausage.
https://www.wired.com/story/california-prop-24-fight-over-privacy-future/
The Fight Over the Fight Over California’s Privacy Future
WHEN STATE SENATOR Bob Hertzberg learned that an ambitious privacy initiative had gotten enough signatures to qualify for the ballot in California, he knew he had to act quickly.
“My objective,” he says, “was to get the damn thing off the ballot.”
… Much better, he thought, to address the problem of data privacy through the legislative process. So Hertzberg approached Mactaggart with a deal: work with him to craft a bill, and once it passes, withdraw the ballot initiative. Mactaggart agreed.
… So, about a year after the CCPA was passed—but before it had gone into effect—Hertzberg, who by then was majority leader of the California State Senate, pitched a new idea to Mactaggart. In a total reversal from his earlier stance, Hertzberg urged Mactaggart to bypass the legislative process. Instead, he should fund and draft a new ballot initiative to improve upon the CCPA. And this one wouldn’t be a bargaining chip. It would go all the way to a vote by the people of California. Thus was born the California Privacy Rights Act, which will appear on Californians’ ballots this fall as Proposition 24.
Could this set a precedent for the rest of us? IF they get Fourth Amendment protection, shouldn’t I? Will Google et al file briefs?
Seventh Circuit Examines Lifetime GPS Tracking of Sex Offenders
Joe Kelly reports:
The Seventh Circuit on Friday weighed the intrusiveness of a Wisconsin statute that institutes lifetime GPS monitoring of certain convicted sex offenders against the necessity of preventing further offenses from that particular class of criminals.
The underlying suit was first filed as a federal class action by eight registered sex offenders in March 2019. They argued that a 2017 statutory interpretation by former Wisconsin Attorney General Brad Schimel that broadened the class of sex offenders subjected to lifetime GPS monitoring after the completion of their sentences constitutes an unreasonable search under the Fourth Amendment, calling the tracking “an intrusive search that provides the government detailed, real-time data about a person’s every move.”
Read more on Courthouse News.
You mean it was Okay to hack elections before? (But will Trump veto it?)
House approves legislation making hacking voting systems a federal crime
Not sure this is a good idea, but it should be an attractive one. Do they already have licensing agreements with Google, Facebook and others?
CIA’s new tech recruiting pitch: More patents, more profits
The newest federal lab gives the CIA and its officers the unprecedented ability to make money off inventions that come from within the agency.
Even I can see this is a bluff.
Facebook Says it Will Stop Operating in Europe If Regulators Don’t Back Down
… In a court filing in Dublin, Facebook said that a decision by Ireland’s Data Protection Commission (DPC) would force the company to pull up stakes and leave the 410 million people who use Facebook and photo-sharing service Instagram in the lurch.
No comments:
Post a Comment