Sep 222017

AP reports:

Russian authorities are fighting the extradition of an alleged Russian hacker from Spain to the United States, the suspect’s lawyer said Friday, in the latest move by Moscow to block U.S. prosecution of suspected Russian cybercriminals.

Pyotr Levashov, a 37-year-old known as one of the world’s most notorious hackers, was arrested earlier this year while vacationing with his family in Barcelona on a request from the U.S., where authorities want him on charges of fraud and unauthorized interception of electronic communications.

Read more on Boston Herald.

Sep 222017

Nilesh Morar has been prosecuted at Nuneaton Magistrates’ Court for the offence of unlawfully obtaining personal data.  The defendant, who at the time worked at Leicester City Council, emailed personal data relating to 349 individuals, which included sensitive personal data of service users of the Adult Social Care Department, to his personal email address without his employer, the data controller’s, consent.

Mr Morar pleaded guilty to the offence under section 55 of the Data Protection Act, and was fined £160, ordered to pay £364.08 prosecution costs and a £20 victim surcharge.

Sep 222017

Andy Greenberg reports:

For more than five years, Iran has maintained a reputation as one of the most aggressive nations in the global arena of state-sponsored hacking, stealing data from corporate and government networks around the world, bombarding US banks with cyberattacks, and most brazen of all, unleashing multiple waves of computer-crippling malware that hit tens of thousands of PCs across the Middle East. But amidst that noisy mayhem, one Iranian group has managed to quietly penetrate a broad series of targets around the world, until now evading the public eye. And while that group seems to have stuck to traditional spying so far, it may also be laying the groundwork for the next round of destructive attacks.

Read more on Wired.

Sep 222017

Alexandra Stevenson and Carlos Tejada report that the S.E.C. has disclosed it was hacked last year:

The disclosure, coming on the heels of a data breach at Equifax, the major consumer credit reporting firm, is likely to intensify concerns over potential computer vulnerabilities lurking among pillars of the American financial system.

The Securities and Exchange Commission said in a statement that it was still investigating the breach of its corporate filing system. The system, called Edgar, is used by companies to make legally required filings to the agency.

Read more on The New York Times.

Sep 222017

Did you hear the one about the major credit reporting agency that not only had two hacks this year that have impacted the majority of the population, but then they directed consumers to a fake phishing site?

Yeah, that one.

So at this point, I think it’s pretty clear that the Equifax breach will go down in infosec history not only as being one of the largest and most worrisome breaches but it will also appear on any lists of slow detection and worst incident response.

To add to their woes,  Massachusetts is suing them over the breach discovered in July, and that suit may be only the first with other states doing the same.