Following up on a somewhat atypical strategy to monetize an alleged attack on Tipalti,  AlphV updated their leak site post today. It now reads: We are systematically reaching out to affected clients of Tipalti, the first batch (consisting of organizations with the most data exfiltrated), have been sent communications requesting initial contact. We will immediately ..read more

Abstract While many statutes recognize that violations of privacy cause harm—and some even provide for private rights of action to enforce privacy rights—scholars have speculated that the judicial doctrine of Article III standing could create a procedural hurdle to remedying privacy harms. This empirical study maps the extent of that hurdle by investigating the data ..read more

Kevin Beaumont writes: How CitrixBleed vulnerablity in Netscale has become the cybersecurity challenge of 2023. Credit union technology firm Trellance owns Ongoing Operations LLC, and provides a platform called Fedcomp — used by double digit number of other credit unions across the United States. This Fedcomp platform was not patched for CitrixBleed, as no Netscaler ..read more

Over at SuspectFile, Marco A. De Felice writes: We are in the early days of last September when the American division of the Chinese multinational Hangzhou Great Star Industrial Co., Ltd (Great Star), in order to avoid the publication of administrative and company secrets documents, decided to negotiate with the Akira ransomware group and pay ..read more

From the U.S. Attorney’s Office in Massachusetts on November 29: BOSTON – An Ayer man was charged today and agreed to plead guilty in connection with a June 2023 cyberattack targeting the computer network of his former employer, an Essex County public high school. Conor LaHiff, 30, was charged in an Information with one count ..read more

Anna Isaac and Alex Lawson report: The UK’s most hazardous nuclear site, Sellafield, has been hacked into by cyber groups closely linked to Russia and China, the Guardian can reveal. The astonishing disclosure and its potential effects have been consistently covered up by senior staff at the vast nuclear waste and decommissioning site, the investigation ..read more

The Jerusalem Post reports: Over 500 gigabytes of data, including hundreds of thousands of IDF medical records were allegedly stolen by Iran-linked hackers during a cyberattack on Ziv Medical Center in Safed, Israel, the hackers claimed on Telegram. This is the third time Ziv has has fallen victim to a cyberattack in four months. […] On their ..read more

So AlphV (aka BlackCat) is trying something different again, it seems. This time, it seems they are claiming a victim before they have even attempted to contact the victim or extort them. They post no proof of claims. They state that they are taking this approach because the victim’s cyberinsurance policy does not cover extortion ..read more

The Norwegian Supervisory Authority (Datatilsynet) has taken enforcement action, imposing a fine of EUR 1.7 million (USD $1.85 million) on Arbeids- og velferdsetaten, the Norwegian Labor and Welfare Administration (NAV). As part of its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to protect personal data. For example, the ..read more

Somasetty Suresh reports: A health worker has been apprehended by the authorities for an alleged misuse and disclosure of vaccination data. The individual, whose identity has not been revealed, has been charged with accessing a computer system for dishonest purposes. The incident came to light recently, prompting swift action from the concerned authorities. The accused ..read more