Risk

Security and Technology news from various third party sources. All attribution remains the property of the original authors

203 Topics 203 Posts
  • 0 Votes
    1 Posts
    49 Views
    CerberusC

    Gov. Michael L. Parson Alleges Newspaper Reporter Improperly Accessed Data
    A newspaper reporter in Missouri who responsibly reported the exposure of Social Security numbers on a state government website has been accused of malicious hacking by the state’s governor. The governor alleged the publication of the vulnerability after it was fixed was part of a “political vendetta.”

    https://www.inforisktoday.co.uk/missouri-refers-responsibly-reported-bug-to-prosecutors-a-17737

  • 0 Votes
    1 Posts
    43 Views
    CerberusC

    Gov. Michael L. Parson Alleges Newspaper Employee Improperly Accessed Data
    A newspaper employee in Missouri who responsibly reported the exposure of Social Security numbers on a state government website has been accused of malicious hacking by the state’s governor. The governor alleged the publication of the vulnerability after it was fixed was part of a “political vendetta.”

    https://www.inforisktoday.co.uk/missouri-refers-responsible-bug-report-to-prosecutors-a-17737

  • 0 Votes
    1 Posts
    44 Views
    CerberusC

    Bill Would Remove Some Third-Party Content ‘Immunity’ Held by Social Platforms
    Democratic lawmakers on the House Committee on Energy and Commerce announced legislation that would rein in tech algorithms on platforms exceeding 5 million monthly viewers. This follows a high-profile whistleblower case heard before Congress on Facebook’s allegedly questionable data policies.

    https://www.inforisktoday.co.uk/house-lawmakers-announce-bill-targeting-tech-algorithms-a-17736

  • 0 Votes
    1 Posts
    42 Views
    CerberusC

    Focus is on Critical Infrastructure Threats and Clinical Data
    MITRE, the not-for-profit organization that works across governmental and federal agencies, as well as various industrial verticals and academia, has set up The Cyber Infrastructure Protection Innovation Center and The Clinical Insights Innovation Cell to protect healthcare.

    https://www.inforisktoday.co.uk/mitre-launches-centers-to-protect-infrastructure-health-a-17734

  • 0 Votes
    1 Posts
    49 Views
    CerberusC

    Attackers Can Push Code To A Protected Branch
    Researchers at Cider Security have uncovered a security loophole in GitHub Actions that allows adversaries to bypass the required reviews mechanism and push unreviewed code to a protected branch, allowing it into the pipeline to production.

    https://www.inforisktoday.co.uk/flaws-in-github-actions-bypass-code-review-mechanism-a-17733

  • 0 Votes
    1 Posts
    59 Views
    CerberusC

    PII of Nearly 28,000 Members Exfiltrated in June 2020 Hacking Incident
    The American Osteopathic Association has just begun notifying nearly 28,000 individuals about a June 2020 data exfiltration incident involving their personal information. The medical professional organization says workforce challenges during the pandemic led to the notification delay.

    https://www.inforisktoday.co.uk/osteopathic-professional-group-reports-year-old-breach-a-17735

  • 0 Votes
    1 Posts
    42 Views
    CerberusC

    The Data Dump Is Being Broadly Circulated on a Popular Hacking Forum
    Thingiverse, a popular website dedicated to sharing user-created digital design files, has reportedly leaked a 36GB backup file that contains 2.5 million unique email addresses and other personally identifiable information.

    https://www.inforisktoday.co.uk/thingiverse-data-leak-affects-228000-subscribers-a-17729

  • 0 Votes
    1 Posts
    57 Views
    CerberusC

    The Data Dump Is Being Broadly Circulated on a Popular Hacking Forum
    Thingiverse, a popular website dedicated to sharing user-created digital design files, has reportedly leaked a 36GB backup file that contains 2.5 million unique email addresses and other personally identifiable information.

    https://www.inforisktoday.co.uk/thingiverse-data-leak-affects-25-million-subscribers-a-17729

  • 0 Votes
    1 Posts
    48 Views
    CerberusC

    New Criminal Penalties, Assistance to Victims in the Ransomware Action Plan
    Australia plans to require businesses with more than $10 million in revenue to report ransomware attacks to the government, part of a comprehensive strategy to fight the attacks that also includes new criminal penalties and assistance to victims. The plan would need to be passed by Parliament.

    https://www.inforisktoday.co.uk/australia-plans-ransomware-attack-reporting-requirement-a-17731

  • 0 Votes
    1 Posts
    59 Views
    CerberusC

    China, Russia Both Absent from 30-Nation Gathering on the Threat of Ransomware
    The White House National Security Council this week kicked off its international counter-ransomware event with participation from more than 30 nations. This gathering aims to elevate both law enforcement collaboration and diplomatic efforts. Noticeably absent from the summit: Russia.

    https://www.inforisktoday.co.uk/us-convenes-global-ransomware-summit-without-russia-a-17730

  • 0 Votes
    1 Posts
    51 Views
    CerberusC

    Also, NJ AG Smacks Fertility Clinic With Big Fine in Hacking Incident
    A flurry of hacking incidents and other recent breach developments highlight the cyberthreats and risks facing fertility healthcare and other related specialty providers that handle sensitive patient information.

    https://www.inforisktoday.co.uk/fertility-testing-lab-says-ransomware-breach-affects-350000-a-17728

  • 0 Votes
    1 Posts
    47 Views
    CerberusC

    How Many Strikes Should Cybercrime-as-a-Service Customers Get Before Getting Busted?
    Dutch cybercrime police have a message for almost 30 users of an on-demand distributed-denial-of-service site: We see what you’re doing, now cut it out or we’re going to arrest you. Not for the first time, the move shows police in Europe also emphasizing ethical hacking pursuits for young adults instead.

    https://www.inforisktoday.co.uk/dutch-cyber-cops-tell-stresserbooter-customers-cut-out-a-17727

  • 0 Votes
    1 Posts
    39 Views
    CerberusC

    2.4 Tbps Attack Was 140% Higher Than All Recorded Attacks
    Microsoft disclosed that it mitigated a 2.4 Tbps DDoS attack, which was 140% higher in scale than any previously recorded network volumetric event on Azure. The firm and some security experts say that attacks of this magnitude could wreak havoc on targeted companies and are difficult to mitigate.

    https://www.inforisktoday.co.uk/microsoft-says-mitigated-largest-ever-ddos-attack-a-17725

  • 0 Votes
    1 Posts
    57 Views
    CerberusC

    1 Alleged Co-Conspirator Was Employed by Bank of America, TD Bank
    The U.S. Attorney’s Office for the Eastern District of Virginia last week indicted three men - including an ex-employee of Bank of America and TD Bank - on charges of money laundering and aggravated identity theft after the men allegedly conducted an extensive business email compromise scheme.

    https://www.inforisktoday.co.uk/3-men-charged-by-us-doj-laundering-bec-proceeds-a-17726

  • 0 Votes
    1 Posts
    42 Views
    CerberusC

    OMB Memo: Agencies Have 90 Days to Allow CISA to Begin Reviewing EDR Status
    In an effort to bolster endpoint protection within the U.S. government, the White House is ordering federal agencies to allow CISA to access existing deployments. It is also setting timelines for improving the protection of workstations, mobile phones and servers.

    https://www.inforisktoday.co.uk/cisa-to-access-agencies-endpoints-help-enhance-security-a-17723

  • 0 Votes
    1 Posts
    49 Views
    CerberusC

    Accountable Care Organization Says It’s Investigating 2020 Incident
    A compromise of sensitive health information affecting nearly 38,000 individuals discovered nearly a year after a terminated company executive accessed the data spotlights some of the top security and privacy challenges covered entities and business associates face with insiders.

    https://www.inforisktoday.co.uk/former-executive-accessed-phi-nearly-38000-individuals-a-17724

  • 0 Votes
    1 Posts
    66 Views
    CerberusC

    Also, Bitdefender Report Reinforces Need for Cyber Hygiene When Using BYOD
    The UK’s NCSC has published updated guidance for employees using their personal devices for work. The agency offers technical controls for different types of bring-your-own-device, or BYOD, deployments. And a Bitdefender report stresses the need for good cyber hygiene when using BYOD.

    https://www.inforisktoday.co.uk/uk-cybersecurity-agency-releases-new-byod-guidance-a-17722

  • 0 Votes
    1 Posts
    48 Views
    CerberusC

    Count of Victims - Listed on Leak Sites or Not - Appears To Be Holding Steady
    One measure of the damage being done by ransomware groups continues to be how many victims get listed on ransomware operators’ dedicated data-leak sites, as part of their so-called double extortion tactics. Unfortunately, the number of victims doesn’t appear to be declining.

    https://www.inforisktoday.co.uk/ransomware-no-decline-in-victims-posted-to-data-leak-sites-a-17719

  • 0 Votes
    1 Posts
    54 Views
    CerberusC

    Letter to 4 Departments Asserts that Cryptocurrency Is Enabling These Attacks
    A congressional letter sent to the heads of four federal agencies expressed an urgent need for the Biden administration to continue combating ransomware. This includes a particular focus on the cryptocurrency infrastructure that is enabling these cyberattacks, four Democratic lawmakers say.

    https://www.inforisktoday.co.uk/democratic-lawmakers-urge-agencies-to-act-on-ransomware-a-17716

  • 0 Votes
    1 Posts
    42 Views
    CerberusC

    Mandiant Report Says Threat Actors Deploy Ryuk, Leverage Initial Access Brokers
    A Russian-speaking threat actor group that deploys the Ryuk variant ransomware, leverages initial access brokers, and generally skips double-extortion attempts in favor of fast and higher payout ransoms has been predominately targeting the healthcare sector, warns security firm Mandiant.

    https://www.inforisktoday.co.uk/fin12-ransomware-attacks-aggressively-targeting-healthcare-a-17717