Russell Myers reports: A hospital worker at the private clinic where the Princess of Wales had abdominal surgery is set to face a criminal prosecution following an investigation into claims that the Princess’ medical records had allegedly been accessed by staff in 2024, it is understood. A total of three trusted employees, who worked at The...

Source

Harriet Alexander and Julie Lewis report: The privacy watchdog has ordered American Express to rectify security flaws in five of its data systems to guard against “insider threats” and to restrict employee access to specific customer information to protect vulnerable and high-profile customers. Privacy Commissioner Carly Kind found the payments giant had “failed to implement...

Source

Today’s reminder of the insider threat is brought to us by DysruptionHub: A former Saydel Community School District information technology worker in Iowa was sentenced June 11 after prosecutors said he disrupted school technology systems used by students and staff. The disruptions affected classroom technology, staff accounts and district-managed devices after Ezekiel Dean Potter left...

Source

Noelle Crombie reports on today’s reminder of the insider threat: A former Snake River Correctional Institution employee accessed tens of thousands of Oregon Department of Corrections files over a six-month period last year, the agency announced Friday. Officials discovered the data breach in January during an investigation into misconduct allegations involving the unnamed employee, according to a statement...

Source

NL Times reports: The Royal Netherlands Marechaussee detained a 24-year-old Amsterdam-based cargo worker at Schiphol on Tuesday, May 19, on suspicion of unauthorized access to computer systems and the leaking of confidential company information, Luchtvaart Nieuws has reported. According to the ongoing investigation, the suspect allegedly used his access to a cargo handling company’s systems at the...

Source

Scott McClallen reports: A federal jury in the Eastern District of Michigan convicted a Michigan nurse and home health care agency owner yesterday for operating a $1.6 million scheme to defraud Medicare. Court documents say that Ruby Scott, 55, of Farmington Hills, Michigan, owned and operated Delta Home Health Care LLC. From 2018 through 2021,...

Source

On the Spot News reports: An investigation has revealed than nearly 50 staff at a Merseyside hospital group accessed horrific details of the condition of those attacked in Southport. The investigation has only just come to light, with victims finding out this week about the horrific data breach as a result of investigative journalism by...

Source

James Lowson reports: A police officer based in Aylesbury was found guilty of breaching data protection laws after she photographed confidential information. At Reading Magistrates’ Court on April 28, PC Lily Maxey was found guilty of breaching data protection laws twice by a district judge. During the same hearing she was ordered to pay £2,050...

Source

In May 2015, DataBreaches reported that on April 30, 2015, the Department of Justice had announced the indictment of twin brothers Muneeb and Sohaib Akhter of Virginia. The twins. who were 23 years old, were indicted on charges of aggravated identity theft, conspiracy to commit wire fraud, conspiracy to access a protected computer without authorization,...

Source

From the U.S. Attorney’s Office, District of Maryland: A Maryland man is facing federal indictment stemming from an unauthorized computer access scheme involving a Maryland medical system. Matthew Bathula, 41, of Clarksville, is charged with two counts of unauthorized access to a protected computer, and one count of aggravated identity theft while working as a...

Source

DysruptionHub reports: Kentwood Public Schools said districtwide Wi-Fi was disrupted after a student used malicious software designed to interfere with the school system’s network. The district said outside experts helped isolate the issue, which affected Wi-Fi connectivity across its schools, and that the problems “appear” to have been resolved. Kentwood Public Schools serves students in...

Source

NISOS writes: Last month, our research on DPRK IT worker fraud made headlines on NBC News. Security teams, hiring managers, and executives all came back with the same reaction: this is happening, and many organizations aren’t equipped to detect it. This isn’t a traditional cyber threat. It’s a human one and it’s not going away....

Source

And then there were three…. A third man has pleaded guilty to conspiring with two other cybersecurity professionals and BlackCat to use BlackCat’s ransomware and negotiation platform to target U.S. firms. Ryan Goldberg of Georgia and Kevin Martin of Texas pleaded guilty in December, and are scheduled to be sentenced on April 30.  Two of...

Source

Laura Cress reports: A former Meta employee suspected of downloading around 30,000 private images of Facebook users is being investigated by the Metropolitan Police. The engineer, who lives in London, is believed to have designed a program to be able to access personal pictures on the site while avoiding security checks. A Meta spokesperson told...

Source

RTHK reports: Police said they have arrested a man working for a contractor commissioned by the Hospital Authority for allegedly stealing the personal data of tens of thousands of patients. The data breach resulted in details of more than 56,000 patients from the Kowloon East cluster being taken without authorisation and leaked on a third-party...

Source

From the Garante’s press release, below, it sounds like the banking group experienced an insider-wrongdoing breach in which an employee improperly accessed  3,573 customer accounts over a period of two years. Data breach: The Italian Data Protection Authority fines Intesa Sanpaolo €31.8 million for unauthorized access to the banking information of over 3,500 customers for...

Source

Joff Thyer // It has been known for some time that an executable payload generated with msfvenom can leverage an alternative template EXE file, and be encoded to better evade […]

The post Advanced Msfvenom Payload Generation appeared first on Black Hills Information Security, Inc..