Hacker “DarkOverlord” is offering more than 9 million health insurance records for sale in a dark web souk at the reported price of $700,000 in Bitcoin. It’s unconfirmed that the data are genuine, and, if genuine, it’s unknown what companies were breached.
TrapX warns of the risk to medical data posed by medical devices still running Windows 7 and Windows XP.
SecureWorks claims that “Threat Group 4127” (a.k.a. “APT28,” “Sofacy,” “Sednit,” “Fancy Bear,” and “Pawn Storm”—a GRU operation, according to CrowdStrike, if you’re keeping score) has targeted some 1800 targets in addition to the Democratic National Committee.
Google CEO Sundar Pichai’s Quora account was hacked by “OurMine,” a group that claims to be providing a security testing service. Essentially no one believes them legitimate.
Check Point claims its Investigative Report spooked the Nuclear exploit kit’s criminal impresarios into taking down their wares.
According to Sucuri an IoT-based distributed denial-of-service campaign against a jewelry store has been mounted using a botnet of 25,000 security cameras.
The US Internal Revenue Service, seeing more “questionable activity,” has decided to retire its troubled electronic filing PIN tool. The US Office of Personnel Management has acknowledged what informed observers have long said: the breach it suffered of its security clearance management system affected “tens of millions” of family, friends, neighbors, and associates of the 21.5 million clearance seekers.
In industry news, rumors continue to say Intel is working toward a sale of its security division. Investcorp acquires Coresec. Cisco buys CloudLock for $293 million.