US Court system demands massive changes to court documents after SolarWinds hack
The House Homeland Security Committee has demanded more transparency on what court officials know about the SolarWinds hackers’ access to sensitive filings. The effects of the massive espionage operation could make accessing documents harder for lawyers, the lawmakers say. The Senators are seeking more information about the attackers’ infiltration of
More Cybersecurity Firms Confirm Being Hit by SolarWinds Hack
Two more companies, Mimecast and Qualys, have emerged in the SolarWinds breach, claiming that they were targeted by the same threat actor that breached the IT management solutions provider SolarWinds. The attack was a sophisticated supply chain hack that eventually went on to install backdoors in US agencies’ systems. Fidelis
Einstein Healthcare Network Announces August Breach
Einstein Health Network is a Pennsylvania based health care company offering services such as medical rehab, outpatient and primary care centers. The organization recently announced a breach in which an authorized person was able to gain access to sensitive information and emails. Einstein has known about the breach since August
The aftermath of the SolarWinds breach: Organizations need to be more vigilant
In the wake of the SolarWinds breach in which several key US agencies were hacked in an espionage campaign likely perpetrated by Russian actors, security experts are voicing concerns regarding how organizations manage and implement cybersecurity best practices. It may be necessary for entities to change how they vet vendors
Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records
An open Elasticsearch incident has reportedly exposed more than 5 billion records from 2012 to March 16, when the breach was discovered. The data in two of the collections is information on data breaches collected by a UK research firm over the course of the same time period. The data
3 Data Breaches Disclosed This Week: J.Crew, T-Mobile, and Carnival
This week, a series of enterprise data breached were disclosed, effecting the companies T-Mobile, J.Crew, and Carnival Corp. The high toll this week underscored how cybercriminals have been targeting companies recently. J.Crew stated that its customers’ information was compromised, and email addresses and passwords were obtained by an unauthorized third
GDPR: 160,000 data breaches reported already, so expect the big fines to follow
Since the implementation of Europe’s new digital privacy regulations, over 160,000 data breaches have been reported to authorities. An analyst at the law firm DLA Piper found that after the General Data Protection Regulation (GDPR) came into effect, the first eight months saw an average of 247 breach notifications per
Wyze Database Leak Exposes 2.4 Million Smart Device Users
A small security mishap within the Wyze database has lead to the exposure of 40 million individual records, according to IPVM. Wyze offers relatively inexpensive security cameras and smart home devices. The misconfigured database held the information of over 2.4 million customers, and the database was left vulnerable for over
Iran Banks Burned, Then Customer Accounts Were Exposed Online
Last month as anti-government protests raged throughout Iran, authorities addressed the destruction of numerous banks across the country. However, a new threat has been introduced, a security breach exposed the information of millions of Iranian customer accounts. On Tuesday, the details of 15 million bank debit cards were posted on

The (Dis)illusion of Control: Context on the concept of increasing cost to adversaries
Conventional wisdom is telling us that “assumption of breach” is the new normal. Some well-respected names in computer security would have you believe that the appropriate response to such conditions is to increase the cost to the attackers. If you’re too expensive to breach – so the logic goes – the bad guys will go looking for someone else. Maybe someday, when everyone makes hacking too expensive, it will stop.