Joe Uchill reports: It’s taking longer to negotiate ransomware demands. That is a good thing. Law firm BakerHostetler, which handles more than 1,250 cyber-related incidents a year, said in its annual Data Security and Incident Response report that the typical ransomware negotiation for its clients in 2021 lasted eight days. That is roughly twice as long as…
Author: Dissent
Pentester for FIN7 sentenced for scheme that compromised tens of millions of debit and credit cards
Seattle – A Ukrainian man was sentenced today in the Western District of Washington to 5 years in prison for his criminal work in the hacking group FIN7. Denys Iarmak, 32, served as a high-level hacker, whom the group referred to as a “pen tester,” for FIN7. He was arrested in Bangkok, Thailand in November…
Ca: SLGA business partners should have figured out on their own that their data may have been stolen: minister
Geoff Leo reports on what sounds like an utterly unsatisfactory response by the government to questions as to why it didn’t directly notify those affected of a breach: The minister responsible for the Saskatchewan Liquor and Gaming Authority (SLGA) says the Crown corporation didn’t directly notify its business partners that their data may have been…
SuperCare Health notifies 318,379 patients of July breach
In March, Super Care, Inc. dba SuperCare Health, notified the California Attorney General’s Office of a breach. The home respiratory care provider’s notification explained that on July 27, 2021, they had discovered unauthorized activity in their system — activity that they subsequently learned began on July 23. In a notification to 318,379 patients sent on…
The Original APT: Advanced Persistent Teenagers
Brian Krebs reports: Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. But few organizations have a playbook for responding to the kinds of virtual “smash…
ANNOUNCE: HHS’ Office for Civil Rights Seeks Public Comment on Recognized Security Practices and Sharing Civil Money Penalties and Monetary Settlements Under the HITECH Act
The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) today released a Request for Information (RFI) seeking input from the public on two requirements of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), as amended in 2021. The growing number of cybersecurity threats are…