Apr 192019
 

Todd Ackerman reports:

MD Anderson Cancer Center is ousting three scientists in connection with concerns China is trying to steal U.S. scientific research, the first such publicly disclosed punishments since federal officials directed some institutions to investigate specific professors in violation of granting agency policies.

MD Anderson took the actions after receiving e-mails last year from the National Institutes of Health, the nation’s largest public funder of biomedical research, describing conflicts of interest or unreported foreign income by five faculty members. The agency, which has been assisted by the FBI, gave the cancer center 30 days to respond.

Read more on The Houston Chronicle.

Apr 192019
 

Breaches that involve health data generally will cost you more. Asia Fields reports:

Washington State University learned a costly lesson after a hard drive containing the personal information of more than a million people was stolen from a self-storage locker in 2017. Now, the university is going to have to pay even more.

In a settlement approved in King County Superior Court on Thursday, the university agreed to pay up to $4.7 million in cash reimbursements, attorneys fees and administrative expenses. On top of that, the university will pay for two years of credit monitoring and insurance services for up to 1,193,190 people, according to the settlement agreement.

Read more on Seattle Times.

Apr 172019
 

Hell hath no fury like a vengeful insider, Wednesday edition.  Catalin Cimpanu reports:

In an incident reminiscent of the Shadow Brokers leak that exposed the NSA’s hacking tools, someone has now published similar hacking tools belonging to one of Iran’s elite cyber-espionage units, known as APT34, Oilrig, or HelixKitten.

The hacking tools are nowhere near as sophisticated as the NSA tools leaked in 2017, but they are dangerous nevertheless.

[…]

In an incident reminiscent of the Shadow Brokers leak that exposed the NSA’s hacking tools, someone has now published similar hacking tools belonging to one of Iran’s elite cyber-espionage units, known as APT34, Oilrig, or HelixKitten.

The hacking tools are nowhere near as sophisticated as the NSA tools leaked in 2017, but they are dangerous nevertheless.

Read more on ZDNet.

Apr 172019
 

Catalin Cimpanu reports:

In a document published today, the European Commission has revealed that they don’t have any actual evidence of Kaspersky software being used for spying on behalf of the Russian government, as the US government alluded in 2017.

The document was the Commission’s reply to a series of questions submitted by Gerolf Annemans, a European Parliament member on behalf of Belgium, in March this year.

Read more on ZDNet.

I cannot say I am surprised by any of this. And because the U.S. government has  significantly damaged the firm and weakened international collaboration on law enforcement goals, I hope other countries remember the U.S.’s failure to support their claims with hard evidence the next time we make claims to allies and partners in law enforcement.

 

Apr 162019
 

Brian Krebs reports:

Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. [NYSE:WIT] is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity. Wipro has refused to respond to questions about the alleged incident.

Read more on KrebsOnSecurity.com.  Note that post-publication, Brian added an update:

Update, April 16, 9:11 a.m. ET: Not sure why it did not share this statement with me, but Wipro just confirmed to the India Times that it discovered an intrusion and has hired an outside security firm to investigate.