On June 23, using the greeting that Hive ransomware always used in emailing victims, AlphV wrote to the Bangladesh Krishi Bank (BKB). Typos, grammar, and spelling as in the original: Hello,Ladies and Gentlemen! This is ALPHV Ransomware Team. We are here to inform you about data breach which took place at the “Bangladesh Krishi Bank”…
Category: Hack
If Kirkland & Ellis Can’t Avoid Cyberattacks, Who Can?
Justin Henry reports: By exploiting a vulnerability in a widely used file transfer application, hackers were able to access the internal information of several large organizations, including three Am Law 50 law firms, highlighting the vulnerability of widespread use of one third-party application. The incident has observers wondering: If some of the largest and most profitable…
DEVELOPING: HCA Healthcare patient data for sale on hacking forum?
A new user on a hacking forum has listed patient data from HCA Healthcare for sale. “As of 2021, HCA Healthcare is ranked #62 on the Fortune 500 rankings of the largest United States corporations by total revenue.” the seller writes, adding Data is grouped by division into 17 files totaling to 27,700,000 rows. More…
Why ransomware groups are targeting Indian pharma companies and the healthcare sector; ClearMedi allegedly hacked
Naandika Tripathi reports: Just three months after a ransomware attack pulled down India’s largest drugmaker, Sun Pharmaceuticals, the threat actors went after another pharma company. Hyderabad-based Granules India was notified of a significant loss of revenue and profitability due to a cybersecurity attack in the last week of May. […] From Dr. Reddy’s to the…
Za: Information Regulator slaps Justice, Constitutional Development Department with R5m fine
IOL reports: The Department of Justice and Constitutional Development (DoJ&CD) has been ordered to pay a R5 million fine following its failure to comply with an Enforcement Notice after contravening the Protection of Personal Information Act (Popia). On May 9 the Information Regulator issued an Infringement Notice against the department for contravening various sections of…
CISA issues warning for cardiac device system vulnerability
Jonathan Greig reports: The Cybersecurity and Infrastructure Security Agency (CISA) warned of a severe vulnerability in a cardiac device from medical device company Medtronic. The issue – tracked as CVE-2023-31222 – carries a “critical” CVSS score of 9.8 out of 10 and affects the company’s Paceart Optima software that runs on a healthcare organization’s Windows server. Medtronic said…