Commentaries and Analyses

UK: Counter-attacking ransomware hackers

Thomas Rudkin of Farrer & Co writes: There is a developing line of cases in England & Wales where those who have been subject to a ransomware attack take action against the hackers through the civil courts. The question is why bother and what is the best way to go about this if that...

In 2023, Resolve to Fix Your Organization’s Meta Pixel Problem

In 2023, Resolve to Fix Your Organization’s Meta Pixel Problem It’s time to be proactive about user privacy. Find out if you’re sending too much data to Facebook—or if you need to send data at all By: Maria Puertas and Simon Fondrie-Teitler We all use the internet to complete increasingly sensitive tasks: book doctor’s...

Hacker finds bug that allowed anyone to bypass Facebook 2FA

Lorenzo Franceschi-Bicchierai reports: A bug in a new centralized system that Meta created for users to manage their logins for Facebook and Instagram could have allowed malicious hackers to switch off an account’s two-factor protections just by knowing their phone number. Gtm Mänôz, a security researcher from Nepal, realized that Meta did not set up a...

Morgan Hill Unified School District discloses data breach

Morgan Hill Unified School District in California has disclosed a breach that occurred when an employee’s email account was accessed without authorization between September 11 and October 11, 2022. While the district’s investigation was able to confirm connections to the employee’s account during those dates, the investigation was not able to determine which specific...

Case May Impact Role of Lawyers in Data Breaches and IR

Mark Rasch writes: On January 9, 2023, the U.S. Supreme Court heard oral arguments on a criminal tax investigation case out of California that might impact the scope and extent of attorney-client privileges in data forensic investigations. The case, called In Re Grand Jury, Dkt. No. 21-1397, involves a federal grand jury demand for records created...

Why Is No One Ever Penalised for Data Breaches in India?

Srinivas Kodali has a commentary that begins: Indian software service companies are some of the most profitable entities in the world. They provide technology solutions that power Fortune 500 companies and governments across the world, but is their code always secure? The answer is never a simple binary response but more complex in the...

Multiple Vulnerabilities Found In Healthcare Software OpenEMR

Alessandro Mascellino reports: Researchers have found three separate vulnerabilities in OpenEMR, an open-source software for electronic health records and medical practice management. Clean code experts at Sonar published an advisory Wednesday about the discovered flaws by security researcher Dennis Brinkrolf. Thanks to responsible disclosure, the vulnerabilities were addressed in October 2022. Anyone using OpenEMR should update to one of the...

Stratford University discloses ransomware attack — but which ransomware attack?

In September 2022, DataBreaches reported Stratford University had been the target of three ransomware attacks in previous months by REvil, Snatch Team, and Avos Locker.  Snatch Team and Avos Locker had informed DataBreaches that neither had encrypted Stratford’s files; they exfiltrated and attempted to ransom them. Stratford never responded to inquiries from DataBreaches about the...