22 Jul 2021

Saudi Aramco denies breach after hackers hawk stolen files

Saudi Aramco has denied allegations of a cyberattack despite claims made by ZeroX, a threat actor who reports having stolen 1T of sensitive data from the company. Saudi Aramco is one of the largest oil companies in the world. Cybercriminals allegedly contact news outlets claiming to have stolen data ranging

Read More
19 Jul 2021

Windows 0-Days Used Against Dissidents in Israeli Broker’s Spyware

According to new reports, a unique set of spyware strains created by an Israeli firm used by governments across the world to conduct surveillance on dissidents has been defanged by Microsoft. The company is called Candiru or Sourgum and specializes in the sale of the DevilsTongue surveillance malware. The malware

Read More
16 Jul 2021

Artwork Archive cloud storage misconfiguration exposed user data, revenue records

Misconfigurations in Artwork Archive, a platform used to connect artists to potential buyers, allegedly led to a data leak in which the personally identifiable information (PII) of users was exposed. The WizCase team reported that they discovered a misconfigured Amazon S3 bucket belonging to the platform. The researchers stated that

Read More
12 Jul 2021

Europe Makes the Case to Ban Biometric Surveillance

Recently, the European Data Protection Board, tasked with helping countries implement GDPR consistently, has called for a total ban on utilizing artificial intelligence (AI) technology to conduct facial recognition. The European Data Protection Supervisor joined the former entity in making a push for a ban on the controversial technology. The

Read More
12 Jul 2021

Colorado becomes latest state to pass data privacy law

Colorado has become the third state, following in the footsteps of California and Virginia, to pass a comprehensive data privacy law that effectively forces companies to make changes to how they manage personally identifiable information online. The act, called the Colorado Privacy Act, was signed into law on July 7.

Read More
06 Jul 2021

House Bill Would Require Government to Drastically Modernize Digital ID Verification

A new bipartisan House bill would enable federal agencies to collaboratively revamp the security infrastructure that secures Americans’ digital identifies online, seeking to modernize digital ID verification. The bill, called the Improving Digital Identity Act, was introduced this week by a number of Representatives from both sides of the aisle.

Read More
30 Jun 2021

Kentucky Healthcare System Exposes Patients’ PHI

UofL Health, based in Louisville, Kentucky, has notified more than 40,000 patients of an error that exposed their personal health information. The healthcare system consists of four medical centers, five hospitals, 200 physician practices, 700 providers, the Frazier Rehab Institute, and the Brown Cancer Center. Earlier this month, an email

Read More
28 Jun 2021

EA ignored domain vulnerabilities for months despite warnings and breaches

New information has emerged that gaming giant Electronic Arts (EA) ignored warnings from cybersecurity researchers in December 2020 that the platform contained multiple vulnerabilities that left the company’s network severely exposed to attackers. According to researchers at Israeli cybersecurity firm Cyberpion, they approached EA late last year to inform the

Read More
25 Jun 2021

Data Breach at WorkForce West Virginia

WorkForce West Virginia suffered from a recent data breach in which personal information belonging to job seekers residing in the state may have been exposed. The breach was confirmed yesterday by the governor of West Virginia, Jim Justice, who addressed the incident in a press conference. WorkForce has been notifying

Read More
23 Jun 2021

Six Flags to Pay $36M Over Collection of Fingerprints

Theme park operator Six Flags has agreed to pay a $36 million settlement over a class-action lawsuit in which the Illinois Supreme Court ultimately ruled against the company’s practice of scanning fingerprints when customers enter amusement parks. The theme park operator has allegedly been collecting the biometric data, violating the

Read More