Andrea Park reports: A vulnerability found in software used to monitor some of BD’s infusion pumps could potentially give hackers access to personal data stored in the system. BD posted a cybersecurity bulletin about the issue Thursday and said it has already notified the FDA and the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency…
Category: Commentaries and Analyses
Private Data Breach Litigation Comes of Age
Quinn Emanuel Urquhart & Sullivan, LLP write, in part: Companies face yet another major risk after a data breach—one which is increasing exponentially—data breach litigation brought by private plaintiffs, often in the form of class actions brought by sophisticated plaintiffs’ counsel who specialize in such cases. Private civil litigation is now a probability, not a…
Nice Try Tonto Team: How a nation-state APT attempted to attack Group-IB
Group-IB writes: In 2023, IT and cybersecurity companies remain one of the most attractive targets for cybercriminals, according to the latest threat report “Hi-Tech Crime Trends 2022/2023”. The compromise of a vendor’s infrastructure opens up ample opportunities to penetrate the network further and gain access to a huge pool of data about the victim’s customers…
New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign
Chetan Raghuprasad writes: Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims. Talos observed the actor scanning the internet for victim machines with an exposed remote desktop protocol (RDP)…
GAO Report: Cybersecurity High-Risk Series: Challenges in Protecting Privacy and Sensitive Data
GAO-23-106443 Published: Feb 14, 2023. Fast Facts: Federal systems are vulnerable to cyberattacks. Our High Risk report identified 10 critical actions for addressing federal cybersecurity challenges. In this report, the last in a series of four, we cover the 2 actions related to Protecting Privacy and Sensitive Data: Improve federal efforts to protect privacy and sensitive data, such…
Cloudflare thwarts largest reported HTTP DDoS attack
Waqas reports: Cloudflare stated that it had managed to mitigate multiple “hyper-volumetric” DDoS attacks that originated from more than 30,000 IP addresses. According to a recent blog post by Cloudflare, a vendor specializing in DDoS attack mitigation, its customers were targeted by a series of volumetric DDoS (Distributed Denial of Service) attacks over the past weekend. These…