Cynthia Brumfield reports: On January 6, the United States Federal Communications Commission (FCC) launched a notice of proposed rulemaking (NPRM) to update its data breach reporting rules for telecommunications carriers. “The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to…
Category: Commentaries and Analyses
Major Cyber Insurance Overhaul Begins Now
Dan Lohrmann writes: One thing is clear about cyber insurance in the spring of 2023: The status quo is not sustainable. And now, Lloyd’s of London, a major player in the global insurance market, is calling for dramatic changes in the cyber insurance market. According to The Financial Times (FT), “From next month, Lloyd’s will require the dozens…
Inside the international sting operation to catch North Korean crypto hackers
Sean Lyngaas reports: A team of South Korean spies and American private investigators quietly gathered at the South Korean intelligence service in January, just days after North Korea fired three ballistic missiles into the sea. For months, they’d been tracking $100 million stolen from a California cryptocurrency firm named Harmony, waiting for North Korean hackers to move…
PharMerica and BrightSpring Health Services hit by Money Message (update2)
PharMerica, owned by BrightSpring Health, is a national pharmacy network serving partners in over 3,100 long-term care, senior living, IDD/behavioral health, home infusion, specialty pharmacy, and hospital management programs. BrightSpring® Health Services provides comprehensive home and community-based health services to complex populations needing specialized care. Both are headquartered in Kentucky. Earlier today, the Money Message…
Mastodon Vulnerability Exposes Sensitive Information: Data Leak Alert
PBN reports: Mastodon, a social network based on software for servers of the same name, has been found to have a vulnerability that could have allowed attackers to read individual pieces of information. The problem was caused by inadequate filtering of the data transferred during LDAP authentication. The vulnerability allows attackers to smuggle in an…
Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise
Ravie Lakshmanan reports: The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation. That’s according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both on-premises and cloud infrastructures in partnership with another emerging activity cluster dubbed DEV-1084….