Summary Note: This Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and various ransomware threat actors. These #StopRansomware advisories detail historically and recently observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to…
Category: Commentaries and Analyses
Patients involved in Nova Scotia mass shooting among those caught up in major privacy breach
Bill Dicks reports: Nova Scotia Health is under the microscope after eight employees were found snooping into medical records. The privacy breaches involve the electronic health records of people associated with the April 2020 mass shooting in Nova Scotia, among others. The Office of the Information and Privacy Commissioner says the discoveries were made by…
iRent fined for data leak
CNA reports: Taiwanese car rental and automobile/motorcycle-sharing services platform iRent received separate fines from the Ministry of Transportation and Communications (MOTC) and Taipei City government on Thursday for data protection failings. The popular platform is operated by Ho Ing Mobility Service, a subsidiary of Taiwanese automotive conglomerate Hotai Motor Co. The company received the fines…
Hk: Thousands affected by Institute of Bankers data leak following ransomware incident
rthk reports: The Office of the Privacy Commissioner for Personal Data said on Thursday that it has issued an enforcement notice to the Hong Kong Institute of Bankers, following a data leak that affected more than 13,000 members and about 100,000 non-members. Speaking at a press conference, the watchdog said people’s personal information was leaked…
Insurers Say Cyberattack That Hit Merck Was Warlike Act, Not Covered
Richard Vanderford reports on another attempt by insurers to avoid having to cover costs involved in a cyberattack by applying the common war exclusion: The costly NotPetya cyberattack, which the U.S. blamed on Russia, should be considered a “cyber nuclear attack,” insurers argued as they urged judges to overturn a legal win by Merck & Co. in…
NYS Comptroller DiNapoli releases another concerning school district IT audit
Montauk Union Free School District – Information Technology (2022M-137) Issued Date: January 27, 2023 Audit Objective Determine whether Montauk Union Free School District (District) officials secured access to the network and financial application and developed an information technology (IT) contingency plan. Background The District is located in the Town of East Hampton in Suffolk County…